
Windows Analysis Report
wsx.exe

Overview

General Information

Sample name: wsx.exe
Analysis ID: 1523266
MD5: bfbefe6213ea9b1d3d0f92c970998d80
SHA1: db7863df94867d3522c47ab417437e0e8c81b124
SHA256: c337e536bb2195ad30d214fee810360815797a4e3bd91a7d88949e4df6948791
Tags: exe, user-Porcupine

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Potentially malicious time measurement code found
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Uses schtasks.exe or at.exe to add and modify task schedules
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • wsx.exe (PID: 6056 cmdline: "C:\Users\user\Desktop\wsx.exe" MD5: BFBEFE6213EA9B1D3D0F92C970998D80)
    • wsx.exe (PID: 2132 cmdline: "C:\Users\user\Desktop\wsx.exe" MD5: BFBEFE6213EA9B1D3D0F92C970998D80)
      • cmd.exe (PID: 6648 cmdline: C:\Windows\system32\cmd.exe /c "schtasks /query /tn "registry_65f93d51.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • schtasks.exe (PID: 3836 cmdline: schtasks /query /tn "registry_65f93d51.exe" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • cmd.exe (PID: 5340 cmdline: C:\Windows\system32\cmd.exe /c "schtasks /create /tn "registry_65f93d51.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe" /sc onlogon /rl highest /f" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • schtasks.exe (PID: 1868 cmdline: schtasks /create /tn "registry_65f93d51.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe" /sc onlogon /rl highest /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
  • registry_65f93d51.exe (PID: 1892 cmdline: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe MD5: BFBEFE6213EA9B1D3D0F92C970998D80)
    • registry_65f93d51.exe (PID: 5064 cmdline: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe MD5: BFBEFE6213EA9B1D3D0F92C970998D80)
      • cmd.exe (PID: 6584 cmdline: C:\Windows\system32\cmd.exe /c "schtasks /query /tn "registry_65f93d51.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • schtasks.exe (PID: 7108 cmdline: schtasks /query /tn "registry_65f93d51.exe" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started, Author: Jonathan Cheong, oscd.community: Data: Command: C:\Windows\system32\cmd.exe /c "schtasks /create /tn "registry_65f93d51.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe" /sc onlogon /rl highest /f", CommandLine: C:\Windows\system32\cmd.exe /c "schtasks /create /tn "registry_65f93d51.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe" /sc onlogon /rl highest /f", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\wsx.exe", ParentImage: C:\Users\user\Desktop\wsx.exe, ParentProcessId: 2132, ParentProcessName: wsx.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "schtasks /create /tn "registry_65f93d51.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe" /sc onlogon /rl highest /f", ProcessId: 5340, ProcessName: cmd.exe
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: schtasks /create /tn "registry_65f93d51.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe" /sc onlogon /rl highest /f, CommandLine: schtasks /create /tn "registry_65f93d51.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe" /sc onlogon /rl highest /f, CommandLine|base64offset|contains: mj,, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "schtasks /create /tn "registry_65f93d51.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe" /sc onlogon /rl highest /f", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5340, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks /create /tn "registry_65f93d51.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe" /sc onlogon /rl highest /f, ProcessId: 1868, ProcessName: schtasks.exe
No Suricata rule has matched

AV Detection

Source: wsx.exe, Virustotal: Detection: 13%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.6% probability
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A9309FB0 CRYPTO_free,CRYPTO_strndup,2_2_00007FF8A9309FB0
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A9327270 CRYPTO_free,2_2_00007FF8A9327270
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A934D230 OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,memcmp,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,CRYPTO_memcmp,OPENSSL_sk_free,OPENSSL_sk_dup,OPENSSL_sk_free,OPENSSL_sk_dup,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8A934D230
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A932F2C0 CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8A932F2C0
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A934F2D0 CRYPTO_free,CRYPTO_strndup,CRYPTO_free,CRYPTO_memdup,OPENSSL_cleanse,2_2_00007FF8A934F2D0
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A933B2E0 BN_num_bits,BN_bn2bin,CRYPTO_free,CRYPTO_strdup,2_2_00007FF8A933B2E0
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A92F23DD CRYPTO_free,CRYPTO_memdup,2_2_00007FF8A92F23DD
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A9325120 CRYPTO_malloc,CRYPTO_THREAD_lock_new,CRYPTO_new_ex_data,X509_up_ref,X509_chain_up_ref,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_dup_ex_data,CRYPTO_strdup,CRYPTO_memdup,ERR_put_error,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_memdup,2_2_00007FF8A9325120
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A92F191F ERR_put_error,memcpy,OPENSSL_sk_num,OPENSSL_sk_num,OPENSSL_sk_new_reserve,OPENSSL_sk_value,CRYPTO_dup_ex_data,BIO_ctrl,BIO_ctrl,BIO_up_ref,X509_VERIFY_PARAM_inherit,OPENSSL_sk_dup,OPENSSL_sk_dup,2_2_00007FF8A92F191F
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A93231F0 CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_clear_free,2_2_00007FF8A93231F0
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A92F24D7 CRYPTO_malloc,ERR_put_error,memcpy,CRYPTO_free,CRYPTO_free,2_2_00007FF8A92F24D7
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A92F207C CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,memset,2_2_00007FF8A92F207C
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A9327460 CRYPTO_free,2_2_00007FF8A9327460
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A93274D0 CRYPTO_free,2_2_00007FF8A93274D0
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A9309480 ASN1_item_d2i,ERR_put_error,ASN1_item_free,memcpy,_time64,X509_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,ASN1_item_free,2_2_00007FF8A9309480
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A92F141F EVP_PKEY_get1_tls_encodedpoint,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,2_2_00007FF8A92F141F
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A92F18BB CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,memset,2_2_00007FF8A92F18BB
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A92F17A3 CRYPTO_free,2_2_00007FF8A92F17A3
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A92F1005 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memset,2_2_00007FF8A92F1005
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A9327310 CRYPTO_free,CRYPTO_free,2_2_00007FF8A9327310
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A92F2144 EVP_MD_CTX_new,EVP_MD_CTX_copy_ex,CRYPTO_memcmp,memcpy,memcpy,2_2_00007FF8A92F2144
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A9337320 CRYPTO_free,CRYPTO_strndup,2_2_00007FF8A9337320
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A92F1253 CRYPTO_free,2_2_00007FF8A92F1253
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A931D3C0 CRYPTO_malloc,CRYPTO_clear_free,2_2_00007FF8A931D3C0
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A93193D0 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,2_2_00007FF8A93193D0
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A93433D0 CRYPTO_malloc,memcpy,2_2_00007FF8A93433D0
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A92F1028 EVP_PKEY_free,CRYPTO_free,CRYPTO_free,EVP_MD_CTX_new,RSA_pkey_ctx_ctrl,CRYPTO_free,EVP_MD_CTX_free,EVP_MD_CTX_free,2_2_00007FF8A92F1028
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A92F231A CRYPTO_free,CRYPTO_memdup,2_2_00007FF8A92F231A
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A92F1A0A EVP_MD_size,EVP_CIPHER_iv_length,EVP_CIPHER_key_length,CRYPTO_clear_free,CRYPTO_malloc,2_2_00007FF8A92F1A0A
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A92F2446 CRYPTO_free,CRYPTO_memdup,ERR_put_error,2_2_00007FF8A92F2446
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A9357650 CRYPTO_free,CRYPTO_malloc,ERR_put_error,2_2_00007FF8A9357650
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A92F24AF CRYPTO_free,CRYPTO_malloc,memcpy,2_2_00007FF8A92F24AF
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A92F1C44 X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,2_2_00007FF8A92F1C44
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A9319630 ERR_put_error,ERR_put_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,CRYPTO_free,ERR_put_error,OPENSSL_sk_dup,X509_VERIFY_PARAM_new,X509_VERIFY_PARAM_inherit,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_malloc,memcpy,CRYPTO_new_ex_data,2_2_00007FF8A9319630
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A92F10A5 CRYPTO_zalloc,ERR_put_error,ERR_put_error,CRYPTO_free,EVP_PKEY_up_ref,X509_up_ref,EVP_PKEY_up_ref,X509_chain_up_ref,CRYPTO_malloc,memcpy,CRYPTO_malloc,memcpy,ERR_put_error,EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,CRYPTO_malloc,memcpy,CRYPTO_memdup,X509_STORE_up_ref,X509_STORE_up_ref,CRYPTO_strdup,2_2_00007FF8A92F10A5
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A901F0 EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,EVP_MD_CTX_md,EVP_MD_size,CRYPTO_memcmp,EVP_MD_CTX_md,EVP_MD_CTX_md,EVP_MD_size,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,CRYPTO_memcmp,strncmp,strncmp,strncmp,strncmp,strncmp,10_2_00007FF8A7A901F0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AA3410 ERR_put_error,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,10_2_00007FF8A7AA3410
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A8250E CRYPTO_free,10_2_00007FF8A7A8250E
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AAC8E0 CRYPTO_free,CRYPTO_free,10_2_00007FF8A7AAC8E0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A98870 CRYPTO_malloc,memset,memcpy,memcpy,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,OPENSSL_cleanse,10_2_00007FF8A7A98870
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81C26 EVP_CIPHER_key_length,EVP_CIPHER_iv_length,CRYPTO_malloc,10_2_00007FF8A7A81C26
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A819BA CRYPTO_malloc,10_2_00007FF8A7A819BA
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7ACA7B0 EVP_DigestUpdate,EVP_MD_CTX_free,EVP_PKEY_CTX_free,EVP_PKEY_CTX_free,CRYPTO_clear_free,EVP_MD_CTX_free,10_2_00007FF8A7ACA7B0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AE8780 HMAC_CTX_new,EVP_CIPHER_CTX_new,EVP_sha256,HMAC_Init_ex,EVP_aes_256_cbc,HMAC_size,EVP_CIPHER_CTX_iv_length,HMAC_Update,HMAC_Final,CRYPTO_memcmp,EVP_CIPHER_CTX_iv_length,EVP_CIPHER_CTX_iv_length,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,memcpy,ERR_clear_error,CRYPTO_free,EVP_CIPHER_CTX_free,HMAC_CTX_free,10_2_00007FF8A7AE8780
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AC87CE CRYPTO_free,CRYPTO_free,10_2_00007FF8A7AC87CE
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AD2730 EVP_CIPHER_CTX_free,EVP_MD_CTX_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memset,memcpy,memcpy,10_2_00007FF8A7AD2730
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81249 CRYPTO_zalloc,ERR_put_error,_time64,CRYPTO_THREAD_lock_new,ERR_put_error,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset,memcpy,10_2_00007FF8A7A81249
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81EAB CRYPTO_memcmp,memchr,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,10_2_00007FF8A7A81EAB
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AAC740 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_put_error,10_2_00007FF8A7AAC740
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A815CD EVP_MD_CTX_new,EVP_PKEY_new,EVP_PKEY_assign,DH_free,EVP_PKEY_security_bits,EVP_PKEY_get0_DH,EVP_PKEY_free,DH_get0_key,EVP_PKEY_get1_tls_encodedpoint,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,BN_num_bits,BN_num_bits,memset,BN_num_bits,BN_bn2bin,CRYPTO_free,EVP_PKEY_size,EVP_DigestSignInit,RSA_pkey_ctx_ctrl,RSA_pkey_ctx_ctrl,EVP_DigestSign,CRYPTO_free,EVP_MD_CTX_free,10_2_00007FF8A7A815CD
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81B18 memset,OPENSSL_cleanse,CRYPTO_free,CRYPTO_memdup,OPENSSL_cleanse,CRYPTO_memcmp,10_2_00007FF8A7A81B18
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81F78 CRYPTO_strdup,10_2_00007FF8A7A81F78
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7ACC6C0 CRYPTO_malloc,10_2_00007FF8A7ACC6C0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81500 CRYPTO_free,CRYPTO_memdup,ERR_put_error,10_2_00007FF8A7A81500
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A82149 ERR_put_error,CRYPTO_realloc,CRYPTO_realloc,ERR_put_error,10_2_00007FF8A7A82149
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81F9B CRYPTO_free,BIO_clear_flags,BIO_set_flags,BIO_snprintf,ERR_add_error_data,memcpy,10_2_00007FF8A7A81F9B
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A84660 BIO_get_data,BIO_get_shutdown,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,10_2_00007FF8A7A84660
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A88640 CRYPTO_zalloc,ERR_put_error,BUF_MEM_grow,10_2_00007FF8A7A88640
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A819EC CRYPTO_malloc,ERR_put_error,CRYPTO_free,10_2_00007FF8A7A819EC
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81AB9 CRYPTO_free,10_2_00007FF8A7A81AB9
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AD85A0 CRYPTO_malloc,CRYPTO_free,EVP_CIPHER_CTX_free,HMAC_CTX_free,CRYPTO_free,EVP_CIPHER_CTX_free,HMAC_CTX_free,RAND_bytes,EVP_sha256,EVP_EncryptUpdate,EVP_EncryptFinal,HMAC_Update,HMAC_Final,10_2_00007FF8A7AD85A0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A88590 CRYPTO_zalloc,ERR_put_error,10_2_00007FF8A7A88590
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AC0590 CRYPTO_free,CRYPTO_strndup,10_2_00007FF8A7AC0590
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7ACA5E0 EVP_PKEY_get1_tls_encodedpoint,CRYPTO_free,EVP_PKEY_free,10_2_00007FF8A7ACA5E0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81208 CRYPTO_zalloc,memcpy,memcpy,memcpy,CRYPTO_free,memcpy,CRYPTO_free,CRYPTO_free,10_2_00007FF8A7A81208
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81B95 CRYPTO_free,CRYPTO_malloc,10_2_00007FF8A7A81B95
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A8E510 CRYPTO_free,CRYPTO_malloc,10_2_00007FF8A7A8E510
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7ACC510 EVP_CIPHER_CTX_free,CRYPTO_free,CRYPTO_free,10_2_00007FF8A7ACC510
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81EB5 CRYPTO_strdup,CRYPTO_free,10_2_00007FF8A7A81EB5
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AB4490 CRYPTO_THREAD_read_lock,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset,10_2_00007FF8A7AB4490
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AC848F CRYPTO_malloc,10_2_00007FF8A7AC848F
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A944F0 CRYPTO_clear_free,10_2_00007FF8A7A944F0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81CE4 CRYPTO_free,CRYPTO_free,CRYPTO_memdup,10_2_00007FF8A7A81CE4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A84437 CRYPTO_zalloc,ERR_put_error,BIO_set_init,BIO_set_data,BIO_clear_flags,10_2_00007FF8A7A84437
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A98420 EVP_PKEY_CTX_new,EVP_PKEY_derive_init,EVP_PKEY_derive_set_peer,EVP_PKEY_derive,CRYPTO_malloc,EVP_PKEY_derive,CRYPTO_clear_free,EVP_PKEY_CTX_free,10_2_00007FF8A7A98420
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81514 CRYPTO_free,10_2_00007FF8A7A81514
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A8225C CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_put_error,10_2_00007FF8A7A8225C
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AA2450 CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,10_2_00007FF8A7AA2450
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AC03A0 CRYPTO_free,CRYPTO_memdup,10_2_00007FF8A7AC03A0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A82310 CRYPTO_free,10_2_00007FF8A7A82310
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A8E3F0 CRYPTO_malloc,10_2_00007FF8A7A8E3F0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AB83F0 CRYPTO_zalloc,CRYPTO_free,10_2_00007FF8A7AB83F0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A963EA CRYPTO_free,10_2_00007FF8A7A963EA
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81E60 CRYPTO_clear_free,10_2_00007FF8A7A81E60
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7ADA35C CRYPTO_free,CRYPTO_memdup,10_2_00007FF8A7ADA35C
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A962B0 CRYPTO_free,CRYPTO_strdup,10_2_00007FF8A7A962B0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A817D5 CRYPTO_malloc,memcpy,10_2_00007FF8A7A817D5
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AD82E0 CRYPTO_free,CRYPTO_strndup,10_2_00007FF8A7AD82E0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AB42D0 OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,10_2_00007FF8A7AB42D0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A8109B CRYPTO_free,CRYPTO_memdup,CRYPTO_memdup,10_2_00007FF8A7A8109B
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A8E1B0 CRYPTO_malloc,CRYPTO_free,CRYPTO_malloc,10_2_00007FF8A7A8E1B0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AA6190 ERR_put_error,CRYPTO_free,ERR_put_error,BUF_MEM_free,EVP_MD_CTX_free,X509_free,X509_VERIFY_PARAM_move_peername,CRYPTO_free,10_2_00007FF8A7AA6190
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A98180 CRYPTO_free,CRYPTO_memdup,10_2_00007FF8A7A98180
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81D52 BN_num_bits,CRYPTO_malloc,BN_bn2bin,BN_clear_free,BN_clear_free,10_2_00007FF8A7A81D52
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AB4110 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,10_2_00007FF8A7AB4110
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A8E100 CRYPTO_free,10_2_00007FF8A7A8E100
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A816B8 OPENSSL_sk_new_null,d2i_X509,CRYPTO_free,OPENSSL_sk_push,CRYPTO_free,ERR_clear_error,OPENSSL_sk_value,X509_get0_pubkey,EVP_PKEY_missing_parameters,X509_free,X509_up_ref,X509_free,OPENSSL_sk_pop_free,10_2_00007FF8A7A816B8
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AC7090 CRYPTO_free,CRYPTO_memdup,10_2_00007FF8A7AC7090
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A97093 ERR_put_error,CRYPTO_free,CRYPTO_strdup,10_2_00007FF8A7A97093
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7ABF080 CRYPTO_realloc,10_2_00007FF8A7ABF080
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A823EC CRYPTO_free,CRYPTO_malloc,memcmp,CRYPTO_memdup,10_2_00007FF8A7A823EC
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A8228E CRYPTO_free,10_2_00007FF8A7A8228E
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A82261 CRYPTO_zalloc,ERR_put_error,10_2_00007FF8A7A82261
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81B5E EVP_PKEY_get1_tls_encodedpoint,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,10_2_00007FF8A7A81B5E
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7ACD040 CRYPTO_free,CRYPTO_free,10_2_00007FF8A7ACD040
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A96F93 CRYPTO_free,CRYPTO_strdup,ERR_put_error,ERR_put_error,10_2_00007FF8A7A96F93
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AB8FF0 EVP_MD_size,EVP_MD_CTX_new,EVP_DigestInit_ex,EVP_DigestFinal_ex,EVP_DigestInit_ex,BIO_ctrl,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_PKEY_new_raw_private_key,EVP_DigestSignInit,EVP_DigestUpdate,EVP_DigestSignFinal,CRYPTO_memcmp,OPENSSL_cleanse,OPENSSL_cleanse,EVP_PKEY_free,EVP_MD_CTX_free,10_2_00007FF8A7AB8FF0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81B4A CRYPTO_THREAD_write_lock,OPENSSL_LH_set_down_load,CRYPTO_THREAD_unlock,10_2_00007FF8A7A81B4A
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7ACAF60 X509_get0_pubkey,CRYPTO_malloc,RAND_bytes,EVP_PKEY_CTX_new,EVP_PKEY_encrypt_init,EVP_PKEY_encrypt,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,CRYPTO_clear_free,EVP_PKEY_CTX_free,10_2_00007FF8A7ACAF60
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81DAC CONF_parse_list,ERR_put_error,CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_free,10_2_00007FF8A7A81DAC
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A8EE90 EVP_MD_CTX_md,EVP_MD_size,CRYPTO_memcmp,EVP_MD_CTX_md,EVP_MD_CTX_md,EVP_MD_size,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,CRYPTO_memcmp,10_2_00007FF8A7A8EE90
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A9EE80 CRYPTO_THREAD_run_once,OPENSSL_sk_find,OPENSSL_sk_value,EVP_CIPHER_flags,EVP_get_cipherbyname,EVP_get_cipherbyname,EVP_get_cipherbyname,EVP_get_cipherbyname,EVP_get_cipherbyname,10_2_00007FF8A7A9EE80
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A88E30 CRYPTO_malloc,ERR_put_error,10_2_00007FF8A7A88E30
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AD0E00 CRYPTO_malloc,ERR_put_error,CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_zalloc,ERR_put_error,CRYPTO_free,10_2_00007FF8A7AD0E00
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81BF9 ERR_put_error,ERR_put_error,ERR_put_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,ERR_put_error,CRYPTO_free,OPENSSL_LH_new,OPENSSL_sk_num,EVP_get_digestbyname,EVP_get_digestbyname,OPENSSL_sk_new_null,OPENSSL_sk_new_null,CRYPTO_new_ex_data,RAND_bytes,RAND_priv_bytes,RAND_priv_bytes,RAND_priv_bytes,10_2_00007FF8A7A81BF9
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A8172B CRYPTO_free,CRYPTO_strndup,10_2_00007FF8A7A8172B
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AB6DC0 CRYPTO_free,CRYPTO_strdup,CRYPTO_free,10_2_00007FF8A7AB6DC0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A82545 CRYPTO_malloc,ERR_put_error,BIO_snprintf,10_2_00007FF8A7A82545
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A822DE ERR_put_error,CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_free,10_2_00007FF8A7A822DE
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AD0D60 EVP_CIPHER_CTX_free,EVP_MD_CTX_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,10_2_00007FF8A7AD0D60
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AB6D50 CRYPTO_free,10_2_00007FF8A7AB6D50
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81FB9 BN_bin2bn,BN_is_zero,CRYPTO_free,CRYPTO_strdup,CRYPTO_clear_free,10_2_00007FF8A7A81FB9
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A817B7 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,10_2_00007FF8A7A817B7
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AB2C70 CRYPTO_THREAD_write_lock,OPENSSL_LH_insert,OPENSSL_LH_retrieve,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,10_2_00007FF8A7AB2C70
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A9CBB0 i2d_X509_NAME,i2d_X509_NAME,memcmp,CRYPTO_free,CRYPTO_free,10_2_00007FF8A7A9CBB0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81230 memcpy,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,memcmp,_time64,10_2_00007FF8A7A81230
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AACB90 ERR_put_error,ERR_put_error,ERR_put_error,EVP_MD_size,ERR_put_error,ERR_put_error,ERR_put_error,CRYPTO_malloc,ERR_put_error,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,ERR_put_error,EVP_PKEY_free,X509_get0_pubkey,X509_free,OPENSSL_sk_push,ERR_put_error,X509_free,ERR_put_error,10_2_00007FF8A7AACB90
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7ACABF0 memset,CRYPTO_strdup,CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_clear_free,CRYPTO_clear_free,10_2_00007FF8A7ACABF0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A86BE0 CRYPTO_zalloc,CRYPTO_free,10_2_00007FF8A7A86BE0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A88B20 CRYPTO_free,10_2_00007FF8A7A88B20
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AD6B00 EVP_MD_CTX_new,X509_get0_pubkey,EVP_PKEY_id,EVP_PKEY_id,EVP_PKEY_id,EVP_PKEY_size,EVP_DigestVerifyInit,EVP_PKEY_id,CRYPTO_malloc,BUF_reverse,RSA_pkey_ctx_ctrl,RSA_pkey_ctx_ctrl,EVP_DigestUpdate,EVP_MD_CTX_ctrl,EVP_DigestVerify,BIO_free,EVP_MD_CTX_free,CRYPTO_free,10_2_00007FF8A7AD6B00
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A9CB50 CRYPTO_get_ex_new_index,10_2_00007FF8A7A9CB50
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AE6AC0 CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_free,10_2_00007FF8A7AE6AC0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81357 memcmp,memcmp,EVP_CIPHER_CTX_free,CRYPTO_free,CRYPTO_free,memcmp,memcmp,memcpy,CRYPTO_free,CRYPTO_free,10_2_00007FF8A7A81357
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A818CF CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_memdup,10_2_00007FF8A7A818CF
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AAC9D0 ERR_put_error,CRYPTO_realloc,CRYPTO_realloc,ERR_put_error,10_2_00007FF8A7AAC9D0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AA4900 X509_VERIFY_PARAM_free,CRYPTO_free,CRYPTO_free,CRYPTO_free_ex_data,OPENSSL_LH_free,X509_STORE_free,CTLOG_STORE_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_free,ENGINE_finish,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_secure_free,CRYPTO_THREAD_lock_free,CRYPTO_free,10_2_00007FF8A7AA4900
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A9A970 CRYPTO_THREAD_run_once,10_2_00007FF8A7A9A970
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A82252 BIO_s_file,BIO_new,BIO_ctrl,strncmp,strncmp,CRYPTO_realloc,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,PEM_read_bio,ERR_put_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,BIO_free,10_2_00007FF8A7A82252
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AA58A7 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,10_2_00007FF8A7AA58A7
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81695 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,10_2_00007FF8A7A81695
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A9D820 CRYPTO_THREAD_run_once,10_2_00007FF8A7A9D820
Source: wsx.exe; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2268931600.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321843970.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: wsx.exe, 00000000.00000003.2265916752.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2316073120.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: ucrtbase.pdb source: wsx.exe, 00000002.00000002.4724039412.00007FF8B83A4000.00000002.00000001.01000000.00000004.sdmp, registry_65f93d51.exe, 0000000A.00000002.4723851835.00007FF8A8024000.00000002.00000001.01000000.00000019.sdmp, ucrtbase.dll.9.dr
Source: Binary string: C:\A\31\b\bin\amd64\python3.pdb source: wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4726746703.00007FF8BA502000.00000002.00000001.01000000.00000007.sdmp, registry_65f93d51.exe, 00000009.00000003.2325177610.000001BF4058A000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4725982927.00007FF8B8F72000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2265532853.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2314930930.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267638883.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320853844.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2268117839.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321320022.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: C:\A\31\b\bin\amd64\_bz2.pdb source: wsx.exe, 00000000.00000003.2263839273.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4726166568.00007FF8BA24E000.00000002.00000001.01000000.0000000A.sdmp, registry_65f93d51.exe, 00000009.00000003.2311725038.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4725034578.00007FF8B829E000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_multiprocessing.pdb source: wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2312503652.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_hashlib.pdb source: wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4725020792.00007FF8B9105000.00000002.00000001.01000000.00000011.sdmp, registry_65f93d51.exe, 00000009.00000003.2312259416.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4725343238.00007FF8B8795000.00000002.00000001.01000000.00000026.sdmp, _hashlib.pyd.9.dr
Source: Binary string: ~/.pdbrc source: wsx.exe, 00000002.00000002.4721310829.000001D6CECF0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721273657.000001DEEDFB0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266580337.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319802950.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268227688.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321398734.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdb.Pdb source: wsx.exe, 00000002.00000002.4721310829.000001D6CECF0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721273657.000001DEEDFB0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266210989.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319475363.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2268040879.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321242799.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\unicodedata.pdb source: wsx.exe, 00000000.00000003.2279137450.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4722907835.00007FF8A8B05000.00000002.00000001.01000000.00000015.sdmp, registry_65f93d51.exe, 00000009.00000003.2327134026.000001BF40594000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4722044735.00007FF8A73C5000.00000002.00000001.01000000.0000002A.sdmp
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268117839.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321320022.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266929158.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320119867.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2265342153.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2313965731.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2269224887.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2322097320.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266842790.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320042183.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267715426.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320927539.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_asyncio.pdb source: wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4724186040.00007FF8B8F87000.00000002.00000001.01000000.00000016.sdmp, registry_65f93d51.exe, 00000009.00000003.2311554458.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4726060409.00007FF8B90B7000.00000002.00000001.01000000.0000002B.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_lzma.pdb source: wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4725576617.00007FF8B916D000.00000002.00000001.01000000.0000000B.sdmp, registry_65f93d51.exe, 00000009.00000003.2312377234.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4724695449.00007FF8B827D000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267207504.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320300217.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265818210.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2316009389.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_socket.pdb source: wsx.exe, 00000000.00000003.2264864812.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4725967855.00007FF8B9F69000.00000002.00000001.01000000.0000000C.sdmp, registry_65f93d51.exe, 00000009.00000003.2312771106.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4724412164.00007FF8B78B9000.00000002.00000001.01000000.00000021.sdmp
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268040879.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321242799.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266016159.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2318890669.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2269224887.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2322097320.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-fibers-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265721119.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2315920437.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\python38.pdb source: wsx.exe, 00000002.00000002.4723333080.00007FF8A8E04000.00000002.00000001.01000000.00000005.sdmp, registry_65f93d51.exe, 0000000A.00000002.4723375067.00007FF8A7E24000.00000002.00000001.01000000.0000001A.sdmp, python38.dll.0.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266112696.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319389209.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267638883.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320853844.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: C:\A\31\b\bin\amd64\_lzma.pdbMM source: wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4725576617.00007FF8B916D000.00000002.00000001.01000000.0000000B.sdmp, registry_65f93d51.exe, 00000009.00000003.2312377234.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4724695449.00007FF8B827D000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: wsx.exe, 00000000.00000003.2267504733.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320775294.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_ctypes.pdb source: wsx.exe, 00000002.00000002.4725807752.00007FF8B9192000.00000002.00000001.01000000.00000008.sdmp, registry_65f93d51.exe, 0000000A.00000002.4725192076.00007FF8B82C2000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\win32wnet.pdb source: wsx.exe, 00000000.00000003.2279561845.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2327436277.000001BF4058B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266842790.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320042183.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.9.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1g 21 Apr 2020built on: Fri Jun 12 19:40:20 2020 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: wsx.exe, 00000002.00000002.4722585633.00007FF8A82C7000.00000002.00000001.01000000.0000000F.sdmp, registry_65f93d51.exe, 0000000A.00000002.4722693885.00007FF8A7617000.00000002.00000001.01000000.00000025.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_queue.pdb source: wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4724747960.00007FF8B90F3000.00000002.00000001.01000000.00000012.sdmp, registry_65f93d51.exe, 00000009.00000003.2312703924.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4724537307.00007FF8B8253000.00000002.00000001.01000000.00000027.sdmp, _queue.pyd.9.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: wsx.exe, 00000000.00000003.2266500836.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319729844.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: -c are executed after commands from .pdbrc files. source: wsx.exe, 00000002.00000002.4720209105.000001D6CE6DF000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDAE1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267360213.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320610765.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2269119940.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2322013187.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: wsx.exe, 00000000.00000003.2267090123.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320205484.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265532853.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2314930930.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266404717.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319652327.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266500836.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319729844.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266698365.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319882300.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267289640.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320513643.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\agent\_work\3\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: wsx.exe, 00000000.00000003.2263634927.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2311210717.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Initial commands are read from .pdbrc files in your home directory source: wsx.exe, 00000002.00000002.4720209105.000001D6CE6DF000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDAE1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_ssl.pdb source: wsx.exe, 00000002.00000002.4725193346.00007FF8B911D000.00000002.00000001.01000000.0000000E.sdmp, registry_65f93d51.exe, 0000000A.00000002.4724117939.00007FF8B782D000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: api-ms-win-core-console-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265342153.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2313965731.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2268796940.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321766183.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2269354500.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2322173948.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267432361.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320693436.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266304966.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319574651.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267289640.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320513643.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2268227688.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321398734.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2269119940.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2322013187.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2268318304.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321475345.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.9.dr
Source: Binary string: d:\agent\_work\3\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: wsx.exe, 00000000.00000003.2263510921.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4727263141.00007FF8BFB30000.00000002.00000001.01000000.00000006.sdmp, registry_65f93d51.exe, 00000009.00000003.2310883925.000001BF40586000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4725680215.00007FF8B8B00000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266580337.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319802950.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2269022242.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321926554.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.9.dr
Source: Binary string: placed in the .pdbrc file): source: wsx.exe, 00000002.00000002.4720673524.000001D6CE9B5000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720778267.000001DEEDC94000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_overlapped.pdb source: wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4724454005.00007FF8B90D5000.00000002.00000001.01000000.00000017.sdmp, registry_65f93d51.exe, 00000009.00000003.2312593294.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4726281498.00007FF8BA525000.00000002.00000001.01000000.0000002C.sdmp
Source: Binary string: If a file ".pdbrc" exists in your home directory or in the current source: wsx.exe, 00000002.00000002.4720673524.000001D6CE9B5000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720778267.000001DEEDC94000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267798188.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321008115.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr, api-ms-win-core-util-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267432361.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320693436.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266210989.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319475363.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268439591.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321554854.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266112696.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319389209.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266929158.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320119867.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2265628346.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2315422600.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2265818210.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2316009389.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-fibers-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2265721119.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2315920437.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267504733.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320775294.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267958915.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321163060.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268796940.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321766183.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267798188.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321008115.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr, api-ms-win-core-util-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265439691.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2314471193.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\6\b\libssl-1_1.pdb source: wsx.exe, 00000002.00000002.4723807412.00007FF8A9364000.00000002.00000001.01000000.00000010.sdmp, registry_65f93d51.exe, 0000000A.00000002.4723087461.00007FF8A7AF4000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265628346.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2315422600.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdbUGP source: wsx.exe, 00000002.00000002.4724039412.00007FF8B83A4000.00000002.00000001.01000000.00000004.sdmp, registry_65f93d51.exe, 0000000A.00000002.4723851835.00007FF8A8024000.00000002.00000001.01000000.00000019.sdmp, ucrtbase.dll.9.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2269022242.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321926554.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267958915.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321163060.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\6\b\libssl-1_1.pdb?? source: wsx.exe, 00000002.00000002.4723807412.00007FF8A9364000.00000002.00000001.01000000.00000010.sdmp, registry_65f93d51.exe, 0000000A.00000002.4723087461.00007FF8A7AF4000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265916752.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2316073120.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267207504.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320300217.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: wsx.exe, 00000002.00000002.4722585633.00007FF8A82C7000.00000002.00000001.01000000.0000000F.sdmp, registry_65f93d51.exe, 0000000A.00000002.4722693885.00007FF8A7617000.00000002.00000001.01000000.00000025.sdmp
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2265439691.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2314471193.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267878901.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321086900.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2268439591.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321554854.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266304966.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319574651.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268318304.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321475345.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2269354500.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2322173948.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\select.pdb source: wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4725412867.00007FF8B9143000.00000002.00000001.01000000.0000000D.sdmp, registry_65f93d51.exe, 00000009.00000003.2326535528.000001BF4058B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4725502564.00007FF8B8833000.00000002.00000001.01000000.00000022.sdmp, select.pyd.0.dr
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267715426.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320927539.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267360213.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320610765.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: wsx.exe, 00000000.00000003.2266016159.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2318890669.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdbrc source: wsx.exe, 00000002.00000002.4721310829.000001D6CECF0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721273657.000001DEEDFB0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266404717.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319652327.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266698365.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319882300.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268931600.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321843970.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdbGCTL source: wsx.exe, 00000000.00000003.2267090123.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320205484.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: The standard debugger class (pdb.Pdb) is an example. source: wsx.exe, 00000002.00000002.4720209105.000001D6CE80F000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4720209105.000001D6CE96B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDB33000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267878901.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321086900.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71F08E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7E71F08E4
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71D7790 FindFirstFileExW,FindClose,0_2_00007FF7E71D7790
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71E6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF7E71E6644
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71F08E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF7E71F08E4
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71D7790 FindFirstFileExW,FindClose,2_2_00007FF7E71D7790
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71E6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,2_2_00007FF7E71E6644
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8084471 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,2_2_00007FF8A8084471
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5D6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,9_2_00007FF6BD5D6644
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5E08E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,9_2_00007FF6BD5E08E4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5C7790 FindFirstFileExW,FindClose,9_2_00007FF6BD5C7790
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5D6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,10_2_00007FF6BD5D6644
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5E08E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,10_2_00007FF6BD5E08E4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5C7790 FindFirstFileExW,FindClose,10_2_00007FF6BD5C7790
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D4471 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,10_2_00007FF8A73D4471
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected:
    GET /conta.php HTTP/1.1
    Host: pontoslivelobb.servicos.ws
    User-Agent: python-requests/2.32.3
    Accept-Encoding: gzip, deflate
    Accept: */*
    Connection: keep-alive
Source: global traffic DNS traffic detected: DNS query: pontoslivelobb.servicos.ws
Source: global traffic DNS traffic detected: DNS query: estudosadulto.educacao.ws
Source: wsx.exe, 00000002.00000002.4721018755.000001D6CEB00000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720985405.000001DEEDDC0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.../back.jpeg
Source: registry_65f93d51.exe, 0000000A.00000002.4719712925.000001DEED590000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://91.92.246.171:5000/replace
Source: wsx.exe, 00000000.00000003.2279137450.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265229722.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265342153.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02361000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: wsx.exe, 00000000.00000003.2279137450.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265229722.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265342153.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02366000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718119614.000001DEEAFED000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4720209105.000001D6CE893000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDAE1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDAE1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crln
Source: registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crlpd/
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE893000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl~
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: wsx.exe, 00000002.00000002.4719391565.000001D6CE0C0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDAE1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: wsx.exe, 00000002.00000002.4719391565.000001D6CE0C0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDAE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl__exit__c
Source: wsx.exe, 00000000.00000003.2265229722.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264864812.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263839273.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 
00000009.00000003.2326535528.000001BF4058B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crll__.
Source: wsx.exe, 00000000.00000003.2279137450.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265229722.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265342153.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 
00000000.00000003.2264770739.000001AA02361000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: wsx.exe, 00000000.00000003.2279137450.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265229722.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265342153.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 
00000000.00000003.2277501724.000001AA02366000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2312377234.000001BF40588000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAss
Source: wsx.exe, 00000000.00000003.2279137450.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265229722.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265342153.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 
00000000.00000003.2264770739.000001AA02361000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: wsx.exe, 00000000.00000003.2279137450.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265229722.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265342153.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 
00000000.00000003.2277501724.000001AA02366000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: wsx.exe, 00000002.00000002.4720967947.000001D6CEAC0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720357983.000001DEED980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: wsx.exe, 00000002.00000002.4720673524.000001D6CE9B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.p
Source: wsx.exe, 00000002.00000002.4721431850.000001D6CEDB0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721388934.000001DEEE070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.kill
Source: wsx.exe, 00000002.00000002.4721391137.000001D6CED70000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721388934.000001DEEE070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode
Source: wsx.exe, 00000002.00000002.4721352219.000001D6CED30000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721308581.000001DEEDFF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.terminate
Source: wsx.exe, 00000002.00000002.4720673524.000001D6CE9B5000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720778267.000001DEEDC94000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/unittest.html
Source: registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
Source: wsx.exe, 00000002.00000002.4718299020.000001D6CBE7E000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED090000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail
Source: registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
Source: wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: wsx.exe, 00000002.00000002.4718299020.000001D6CBE7E000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED165000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://httpbin.org/
Source: registry_65f93d51.exe, 0000000A.00000002.4719438072.000001DEED4CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://json.org
Source: wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
Source: wsx.exe, 00000000.00000003.2279137450.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265229722.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265342153.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 
00000000.00000003.2264864812.000001AA02354000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: wsx.exe, 00000000.00000003.2279137450.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265229722.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265342153.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 
00000000.00000003.2277501724.000001AA02366000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
Source: wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264864812.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263839273.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2326535528.000001BF4058B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 
00000009.00000003.2312259416.000001BF40588000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
Source: wsx.exe, 00000002.00000002.4721755051.000001D6CF710000.00000004.00001000.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4719580106.000001D6CE2D0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4719712925.000001DEED590000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721662924.000001DEEE210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://pontoslivelobb.servicos.ws/conta.php
Source: wsx.exe, 00000002.00000002.4719391565.000001D6CE0C0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2333460204.000001DEED165000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pontoslivelobb.servicos.ws/conta.phprg
Source: wsx.exe, 00000002.00000002.4719391565.000001D6CE0C0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2333460204.000001DEED165000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pontoslivelobb.servicos.ws/conta.phprg)
Source: wsx.exe, 00000002.00000002.4719580106.000001D6CE2D0000.00000004.00001000.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4719391565.000001D6CE0C0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2333460204.000001DEED165000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED165000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4719712925.000001DEED590000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://pontoslivelobb.servicos.ws/salva.php
Source: python38.dll.0.drString found in binary or memory: http://python.org/dev/peps/pep-0263/
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4720209105.000001D6CE893000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDB8C000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDAE1000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE893000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/0R
Source: registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDAE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/Hd
Source: registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDAE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/t
Source: wsx.exe, 00000002.00000002.4719910052.000001D6CE4E0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720018075.000001DEED7A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: wsx.exe, 00000000.00000003.2265229722.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264864812.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263839273.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 
Source: unknown; Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49725
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D4E8A10_2_00007FF8A73D4E8A
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D692E10_2_00007FF8A73D692E
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D259010_2_00007FF8A73D2590
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D413810_2_00007FF8A73D4138
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D655F10_2_00007FF8A73D655F
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D601410_2_00007FF8A73D6014
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D4DB310_2_00007FF8A73D4DB3
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D2B3010_2_00007FF8A73D2B30
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73EF06010_2_00007FF8A73EF060
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D267610_2_00007FF8A73D2676
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73EEF0010_2_00007FF8A73EEF00
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A74FEE1010_2_00007FF8A74FEE10
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D2A2C10_2_00007FF8A73D2A2C
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D60F010_2_00007FF8A73D60F0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D4B8310_2_00007FF8A73D4B83
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D523610_2_00007FF8A73D5236
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D3EBD10_2_00007FF8A73D3EBD
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A750ED8010_2_00007FF8A750ED80
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D34B310_2_00007FF8A73D34B3
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D3EAE10_2_00007FF8A73D3EAE
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D51E610_2_00007FF8A73D51E6
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D12A810_2_00007FF8A73D12A8
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D1BCC10_2_00007FF8A73D1BCC
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D6A0F10_2_00007FF8A73D6A0F
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D211710_2_00007FF8A73D2117
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A74BA9D010_2_00007FF8A74BA9D0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D65AA10_2_00007FF8A73D65AA
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73FB85010_2_00007FF8A73FB850
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D402F10_2_00007FF8A73D402F
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D11DB10_2_00007FF8A73D11DB
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D12C110_2_00007FF8A73D12C1
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D2BCB10_2_00007FF8A73D2BCB
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D4B3310_2_00007FF8A73D4B33
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A756F6D010_2_00007FF8A756F6D0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D3DC810_2_00007FF8A73D3DC8
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A74FB59010_2_00007FF8A74FB590
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D1B7710_2_00007FF8A73D1B77
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D283310_2_00007FF8A73D2833
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D188E10_2_00007FF8A73D188E
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73FB4C010_2_00007FF8A73FB4C0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D5BA510_2_00007FF8A73D5BA5
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D466010_2_00007FF8A73D4660
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73EF20010_2_00007FF8A73EF200
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D48DB10_2_00007FF8A73D48DB
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A756B15010_2_00007FF8A756B150
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D251810_2_00007FF8A73D2518
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D2C5710_2_00007FF8A73D2C57
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D380F10_2_00007FF8A73D380F
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D628F10_2_00007FF8A73D628F
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D71A810_2_00007FF8A73D71A8
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73EBF2010_2_00007FF8A73EBF20
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A74FBF3010_2_00007FF8A74FBF30
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D2BF810_2_00007FF8A73D2BF8
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D514B10_2_00007FF8A73D514B
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D135C10_2_00007FF8A73D135C
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73EBD6010_2_00007FF8A73EBD60
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D201310_2_00007FF8A73D2013
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D386910_2_00007FF8A73D3869
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D1B9A10_2_00007FF8A73D1B9A
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A750FB4010_2_00007FF8A750FB40
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7583BE010_2_00007FF8A7583BE0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D250910_2_00007FF8A73D2509
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A743FA0010_2_00007FF8A743FA00
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D3C2410_2_00007FF8A73D3C24
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A756BAD010_2_00007FF8A756BAD0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A760797010_2_00007FF8A7607970
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D4DF910_2_00007FF8A73D4DF9
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D62EE10_2_00007FF8A73D62EE
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D17E410_2_00007FF8A73D17E4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D313910_2_00007FF8A73D3139
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D3DD210_2_00007FF8A73D3DD2
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73EC62010_2_00007FF8A73EC620
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D5D0810_2_00007FF8A73D5D08
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D502410_2_00007FF8A73D5024
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A75705F010_2_00007FF8A75705F0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D12EE10_2_00007FF8A73D12EE
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D111D10_2_00007FF8A73D111D
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73EC48010_2_00007FF8A73EC480
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D2EB410_2_00007FF8A73D2EB4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D734C10_2_00007FF8A73D734C
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D2AC210_2_00007FF8A73D2AC2
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D572C10_2_00007FF8A73D572C
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A748020010_2_00007FF8A7480200
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D397210_2_00007FF8A73D3972
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D704A10_2_00007FF8A73D704A
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A751014010_2_00007FF8A7510140
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D66D610_2_00007FF8A73D66D6
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D71C610_2_00007FF8A73D71C6
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D374210_2_00007FF8A73D3742
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D589410_2_00007FF8A73D5894
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D309910_2_00007FF8A73D3099
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D600010_2_00007FF8A73D6000
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D1E7E10_2_00007FF8A73D1E7E
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D401610_2_00007FF8A73D4016
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D1AF010_2_00007FF8A73D1AF0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D452F10_2_00007FF8A73D452F
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D609B10_2_00007FF8A73D609B
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7504CE010_2_00007FF8A7504CE0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D653210_2_00007FF8A73D6532
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D104110_2_00007FF8A73D1041
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D320B10_2_00007FF8A73D320B
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D6E9210_2_00007FF8A73D6E92
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D298C10_2_00007FF8A73D298C
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D642910_2_00007FF8A73D6429
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D293710_2_00007FF8A73D2937
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A75049D010_2_00007FF8A75049D0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D2E0F10_2_00007FF8A73D2E0F
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D2E3710_2_00007FF8A73D2E37
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D276610_2_00007FF8A73D2766
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D3C0110_2_00007FF8A73D3C01
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D732E10_2_00007FF8A73D732E
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D376510_2_00007FF8A73D3765
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D2F3110_2_00007FF8A73D2F31
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D183910_2_00007FF8A73D1839
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D3EEA10_2_00007FF8A73D3EEA
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D5BD210_2_00007FF8A73D5BD2
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D11CC10_2_00007FF8A73D11CC
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D49A810_2_00007FF8A73D49A8
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D24AA10_2_00007FF8A73D24AA
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73ED26010_2_00007FF8A73ED260
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D45CA10_2_00007FF8A73D45CA
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73F520010_2_00007FF8A73F5200
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A75852F010_2_00007FF8A75852F0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A75012B010_2_00007FF8A75012B0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D71D510_2_00007FF8A73D71D5
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D1C2610_2_00007FF8A73D1C26
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D3E2710_2_00007FF8A73D3E27
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D2D6510_2_00007FF8A73D2D65
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D24AF10_2_00007FF8A73D24AF
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D443010_2_00007FF8A73D4430
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D624410_2_00007FF8A73D6244
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D234710_2_00007FF8A73D2347
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D36DE10_2_00007FF8A73D36DE
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7505E9010_2_00007FF8A7505E90
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D592F10_2_00007FF8A73D592F
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D309E10_2_00007FF8A73D309E
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D227F10_2_00007FF8A73D227F
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D4BAB10_2_00007FF8A73D4BAB
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D2A9510_2_00007FF8A73D2A95
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D489A10_2_00007FF8A73D489A
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D37F110_2_00007FF8A73D37F1
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D242D10_2_00007FF8A73D242D
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D51E110_2_00007FF8A73D51E1
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D6BBD10_2_00007FF8A73D6BBD
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7585AA010_2_00007FF8A7585AA0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7509A8010_2_00007FF8A7509A80
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D35DF10_2_00007FF8A73D35DF
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A901F010_2_00007FF8A7A901F0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AE878010_2_00007FF8A7AE8780
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A815CD10_2_00007FF8A7A815CD
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81E8310_2_00007FF8A7A81E83
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A8192410_2_00007FF8A7A81924
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AB8FF010_2_00007FF8A7AB8FF0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A86D3010_2_00007FF8A7A86D30
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A812B210_2_00007FF8A7A812B2
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A92D5010_2_00007FF8A7A92D50
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7AB2C7010_2_00007FF8A7AB2C70
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A8249110_2_00007FF8A7A82491
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A8135710_2_00007FF8A7A81357
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7ADF5D010_2_00007FF8A7ADF5D0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A8B52010_2_00007FF8A7A8B520
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A9F40010_2_00007FF8A7A9F400
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81BBD10_2_00007FF8A7A81BBD
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81C0310_2_00007FF8A7A81C03
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A812E410_2_00007FF8A7A812E4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A824D210_2_00007FF8A7A824D2
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A823F610_2_00007FF8A7A823F6
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A8FAD510_2_00007FF8A7A8FAD5
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A9598010_2_00007FF8A7A95980
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81E7E10_2_00007FF8A7A81E7E
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7F6C92010_2_00007FF8A7F6C920
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7F6F99010_2_00007FF8A7F6F990
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7F649C410_2_00007FF8A7F649C4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7F909CC10_2_00007FF8A7F909CC
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7F74B1810_2_00007FF8A7F74B18
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A8016BCC10_2_00007FF8A8016BCC
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7F80BCA10_2_00007FF8A7F80BCA
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7F87BDC10_2_00007FF8A7F87BDC
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7F77C4010_2_00007FF8A7F77C40
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7F65E2A10_2_00007FF8A7F65E2A
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7FD306410_2_00007FF8A7FD3064
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7F7407010_2_00007FF8A7F74070
Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: python3.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-fibers-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-fibers-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: python3.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.9.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.9.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.9.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
Source: classification engine Classification label: mal68.evad.winEXE@21/160@2/2
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71D7420 GetLastError,FormatMessageW,WideCharToMultiByte,0_2_00007FF7E71D7420
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Roaming\Software
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6616:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6004:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6496:120:WilError_03
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562
Source: wsx.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\wsx.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: wsx.exe Virustotal: Detection: 13%
Source: C:\Users\user\Desktop\wsx.exe File read: C:\Users\user\Desktop\wsx.exe
Source: unknown Process created: C:\Users\user\Desktop\wsx.exe "C:\Users\user\Desktop\wsx.exe"
Source: C:\Users\user\Desktop\wsx.exe Process created: C:\Users\user\Desktop\wsx.exe "C:\Users\user\Desktop\wsx.exe"
Source: C:\Users\user\Desktop\wsx.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /query /tn "registry_65f93d51.exe""
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /query /tn "registry_65f93d51.exe"
Source: C:\Users\user\Desktop\wsx.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /create /tn "registry_65f93d51.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe" /sc onlogon /rl highest /f"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "registry_65f93d51.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe" /sc onlogon /rl highest /f
Source: unknown Process created: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Process created: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /query /tn "registry_65f93d51.exe""
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /query /tn "registry_65f93d51.exe"
Source: C:\Users\user\Desktop\wsx.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\wsx.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\wsx.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\wsx.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\wsx.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\wsx.exe Section loaded: libffi-7.dll
Source: C:\Users\user\Desktop\wsx.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\wsx.exe Section loaded: libcrypto-1_1.dll
Source: C:\Users\user\Desktop\wsx.exe Section loaded: libssl-1_1.dll
Source: C:\Users\user\Desktop\wsx.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\wsx.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\wsx.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\wsx.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\wsx.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: libffi-7.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: libcrypto-1_1.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: libssl-1_1.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\wsx.exe File opened: C:\Users\user\Desktop\pyvenv.cfg
Source: wsx.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: wsx.exe Static file information: File size 10090064 > 1048576
Source: wsx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: wsx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: wsx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: wsx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: wsx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: wsx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: wsx.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266842790.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320042183.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267715426.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320927539.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_asyncio.pdb source: wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4724186040.00007FF8B8F87000.00000002.00000001.01000000.00000016.sdmp, registry_65f93d51.exe, 00000009.00000003.2311554458.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4726060409.00007FF8B90B7000.00000002.00000001.01000000.0000002B.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_lzma.pdb source: wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4725576617.00007FF8B916D000.00000002.00000001.01000000.0000000B.sdmp, registry_65f93d51.exe, 00000009.00000003.2312377234.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4724695449.00007FF8B827D000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267207504.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320300217.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265818210.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2316009389.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_socket.pdb source: wsx.exe, 00000000.00000003.2264864812.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4725967855.00007FF8B9F69000.00000002.00000001.01000000.0000000C.sdmp, registry_65f93d51.exe, 00000009.00000003.2312771106.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4724412164.00007FF8B78B9000.00000002.00000001.01000000.00000021.sdmp
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268040879.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321242799.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266016159.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2318890669.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2269224887.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2322097320.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-fibers-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265721119.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2315920437.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\python38.pdb source: wsx.exe, 00000002.00000002.4723333080.00007FF8A8E04000.00000002.00000001.01000000.00000005.sdmp, registry_65f93d51.exe, 0000000A.00000002.4723375067.00007FF8A7E24000.00000002.00000001.01000000.0000001A.sdmp, python38.dll.0.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266112696.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319389209.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267638883.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320853844.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: C:\A\31\b\bin\amd64\_lzma.pdbMM source: wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4725576617.00007FF8B916D000.00000002.00000001.01000000.0000000B.sdmp, registry_65f93d51.exe, 00000009.00000003.2312377234.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4724695449.00007FF8B827D000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: wsx.exe, 00000000.00000003.2267504733.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320775294.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_ctypes.pdb source: wsx.exe, 00000002.00000002.4725807752.00007FF8B9192000.00000002.00000001.01000000.00000008.sdmp, registry_65f93d51.exe, 0000000A.00000002.4725192076.00007FF8B82C2000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\win32wnet.pdb source: wsx.exe, 00000000.00000003.2279561845.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2327436277.000001BF4058B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266842790.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320042183.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.9.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1g 21 Apr 2020built on: Fri Jun 12 19:40:20 2020 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: wsx.exe, 00000002.00000002.4722585633.00007FF8A82C7000.00000002.00000001.01000000.0000000F.sdmp, registry_65f93d51.exe, 0000000A.00000002.4722693885.00007FF8A7617000.00000002.00000001.01000000.00000025.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_queue.pdb source: wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4724747960.00007FF8B90F3000.00000002.00000001.01000000.00000012.sdmp, registry_65f93d51.exe, 00000009.00000003.2312703924.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4724537307.00007FF8B8253000.00000002.00000001.01000000.00000027.sdmp, _queue.pyd.9.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: wsx.exe, 00000000.00000003.2266500836.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319729844.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: -c are executed after commands from .pdbrc files. source: wsx.exe, 00000002.00000002.4720209105.000001D6CE6DF000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDAE1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267360213.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320610765.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2269119940.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2322013187.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: wsx.exe, 00000000.00000003.2267090123.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320205484.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265532853.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2314930930.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266404717.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319652327.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266500836.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319729844.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266698365.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319882300.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267289640.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320513643.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\agent\_work\3\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: wsx.exe, 00000000.00000003.2263634927.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2311210717.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Initial commands are read from .pdbrc files in your home directory source: wsx.exe, 00000002.00000002.4720209105.000001D6CE6DF000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDAE1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_ssl.pdb source: wsx.exe, 00000002.00000002.4725193346.00007FF8B911D000.00000002.00000001.01000000.0000000E.sdmp, registry_65f93d51.exe, 0000000A.00000002.4724117939.00007FF8B782D000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: api-ms-win-core-console-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265342153.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2313965731.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2268796940.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321766183.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2269354500.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2322173948.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267432361.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320693436.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266304966.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319574651.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267289640.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320513643.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2268227688.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321398734.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2269119940.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2322013187.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2268318304.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321475345.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.9.dr
Source: Binary string: d:\agent\_work\3\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: wsx.exe, 00000000.00000003.2263510921.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4727263141.00007FF8BFB30000.00000002.00000001.01000000.00000006.sdmp, registry_65f93d51.exe, 00000009.00000003.2310883925.000001BF40586000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4725680215.00007FF8B8B00000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266580337.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319802950.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2269022242.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321926554.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.9.dr
Source: Binary string: placed in the .pdbrc file): source: wsx.exe, 00000002.00000002.4720673524.000001D6CE9B5000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720778267.000001DEEDC94000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_overlapped.pdb source: wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4724454005.00007FF8B90D5000.00000002.00000001.01000000.00000017.sdmp, registry_65f93d51.exe, 00000009.00000003.2312593294.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4726281498.00007FF8BA525000.00000002.00000001.01000000.0000002C.sdmp
Source: Binary string: If a file ".pdbrc" exists in your home directory or in the current source: wsx.exe, 00000002.00000002.4720673524.000001D6CE9B5000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720778267.000001DEEDC94000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267798188.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321008115.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr, api-ms-win-core-util-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267432361.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320693436.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266210989.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319475363.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268439591.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321554854.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266112696.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319389209.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266929158.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320119867.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2265628346.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2315422600.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2265818210.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2316009389.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-fibers-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2265721119.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2315920437.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267504733.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320775294.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267958915.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321163060.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268796940.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321766183.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267798188.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321008115.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr, api-ms-win-core-util-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265439691.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2314471193.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\6\b\libssl-1_1.pdb source: wsx.exe, 00000002.00000002.4723807412.00007FF8A9364000.00000002.00000001.01000000.00000010.sdmp, registry_65f93d51.exe, 0000000A.00000002.4723087461.00007FF8A7AF4000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265628346.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2315422600.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdbUGP source: wsx.exe, 00000002.00000002.4724039412.00007FF8B83A4000.00000002.00000001.01000000.00000004.sdmp, registry_65f93d51.exe, 0000000A.00000002.4723851835.00007FF8A8024000.00000002.00000001.01000000.00000019.sdmp, ucrtbase.dll.9.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2269022242.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321926554.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267958915.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321163060.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\6\b\libssl-1_1.pdb?? source: wsx.exe, 00000002.00000002.4723807412.00007FF8A9364000.00000002.00000001.01000000.00000010.sdmp, registry_65f93d51.exe, 0000000A.00000002.4723087461.00007FF8A7AF4000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265916752.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2316073120.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267207504.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320300217.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: wsx.exe, 00000002.00000002.4722585633.00007FF8A82C7000.00000002.00000001.01000000.0000000F.sdmp, registry_65f93d51.exe, 0000000A.00000002.4722693885.00007FF8A7617000.00000002.00000001.01000000.00000025.sdmp
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2265439691.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2314471193.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267878901.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321086900.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2268439591.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321554854.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266304966.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319574651.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268318304.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321475345.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2269354500.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2322173948.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\select.pdb source: wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4725412867.00007FF8B9143000.00000002.00000001.01000000.0000000D.sdmp, registry_65f93d51.exe, 00000009.00000003.2326535528.000001BF4058B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4725502564.00007FF8B8833000.00000002.00000001.01000000.00000022.sdmp, select.pyd.0.dr
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267715426.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320927539.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267360213.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320610765.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: wsx.exe, 00000000.00000003.2266016159.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2318890669.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdbrc source: wsx.exe, 00000002.00000002.4721310829.000001D6CECF0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721273657.000001DEEDFB0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266404717.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319652327.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266698365.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319882300.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268931600.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321843970.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdbGCTL source: wsx.exe, 00000000.00000003.2267090123.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320205484.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: The standard debugger class (pdb.Pdb) is an example. source: wsx.exe, 00000002.00000002.4720209105.000001D6CE80F000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4720209105.000001D6CE96B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDB33000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267878901.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321086900.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: wsx.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: wsx.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: wsx.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: wsx.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: wsx.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: api-ms-win-core-console-l1-1-0.dll.0.dr Static PE information: 0x6F5B3627 [Thu Mar 15 05:56:55 2029 UTC]
Source: wsx.exe Static PE information: section name: _RDATA
Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
Source: libcrypto-1_1.dll.0.dr Static PE information: section name: .00cfg
Source: libssl-1_1.dll.0.dr Static PE information: section name: .00cfg
Source: registry_65f93d51.exe.2.dr Static PE information: section name: _RDATA
Source: libcrypto-1_1.dll.9.dr Static PE information: section name: .00cfg
Source: libssl-1_1.dll.9.dr Static PE information: section name: .00cfg
Source: VCRUNTIME140.dll.9.dr Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9335B81 push rcx; ret 2_2_00007FF8A9335B82
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AC5B81 push rcx; ret 10_2_00007FF8A7AC5B82
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7F8EB55 push rdi; ret 10_2_00007FF8A7F8EB5B
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7F6126A push qword ptr [rdi+rbp-01h]; ret 10_2_00007FF8A7F6126F
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\libffi-7.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\_bz2.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\charset_normalizer\md__mypyc.cp38-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\ucrtbase.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\_lzma.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-fibers-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\charset_normalizer\md.cp38-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\_cffi_backend.cp38-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-fibers-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\_queue.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\_ssl.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\bcrypt\_bcrypt.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\win32wnet.pydJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\cryptography\hazmat\bindings\_openssl.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\python38.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\pywin32_system32\pywintypes38.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\bcrypt\_bcrypt.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\select.pydJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\ucrtbase.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\_bz2.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\select.pydJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\python3.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\libffi-7.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\_queue.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\_socket.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\_cffi_backend.cp38-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\python38.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\pywin32_system32\pywintypes38.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\pyexpat.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\win32wnet.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\charset_normalizer\md.cp38-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\_overlapped.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\cryptography\hazmat\bindings\_openssl.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\charset_normalizer\md__mypyc.cp38-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\_asyncio.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI18922\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file

Boot Survival

Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /query /tn "registry_65f93d51.exe"
Source: C:\Users\user\Desktop\wsx.exeCode function: 0_2_00007FF7E71D3DD0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF7E71D3DD0
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A8083251 rdtsc 2_2_00007FF8A8083251
Source: C:\Users\user\Desktop\wsx.exeWindow / User API: threadDelayed 1580Jump to behavior
Source: C:\Users\user\Desktop\wsx.exeWindow / User API: threadDelayed 8418Jump to behavior
Source: C:\Users\user\Desktop\wsx.exeWindow / User API: foregroundWindowGot 1776Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeWindow / User API: threadDelayed 8484Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeWindow / User API: threadDelayed 1514Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeWindow / User API: foregroundWindowGot 1777Jump to behavior
Source: C:\Users\user\Desktop\wsx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\_hashlib.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\_ctypes.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\_bz2.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\charset_normalizer\md__mypyc.cp38-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\_lzma.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-fibers-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\charset_normalizer\md.cp38-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\_cffi_backend.cp38-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\wsx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-fibers-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\_queue.pyd
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\pyexpat.pyd
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\_multiprocessing.pyd
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\_ssl.pyd
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\bcrypt\_bcrypt.pyd
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\_decimal.pyd
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-memory-l1-1-0.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\win32wnet.pyd
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-convert-l1-1-0.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-namedpipe-l1-1-0.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-processthreads-l1-1-1.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-locale-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-errorhandling-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-file-l2-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-timezone-l1-1-0.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-timezone-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-console-l1-1-0.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\cryptography\hazmat\bindings\_openssl.pyd
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-namedpipe-l1-1-0.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\python38.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-debug-l1-1-0.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\unicodedata.pyd
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-console-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\pywin32_system32\pywintypes38.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\_ctypes.pyd
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-utility-l1-1-0.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\bcrypt\_bcrypt.pyd
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-datetime-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-math-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-sysinfo-l1-1-0.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-file-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-processthreads-l1-1-0.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-handle-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\select.pyd
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\_decimal.pyd
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-stdio-l1-1-0.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-profile-l1-1-0.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-runtime-l1-1-0.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-datetime-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-synch-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\_bz2.pyd
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-file-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-util-l1-1-0.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-process-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\_lzma.pyd
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-processenvironment-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-libraryloader-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-process-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\_hashlib.pyd
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-heap-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-filesystem-l1-1-0.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\_socket.pyd
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-synch-l1-1-0.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-localization-l1-2-0.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\select.pyd
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\python3.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\_queue.pyd
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\unicodedata.pyd
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-file-l1-2-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\_socket.pyd
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\_cffi_backend.cp38-win_amd64.pyd
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\python38.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-memory-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\_multiprocessing.pyd
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-processthreads-l1-1-0.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\pywin32_system32\pywintypes38.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-utility-l1-1-0.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\pyexpat.pyd
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-convert-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-runtime-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\_ssl.pyd
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-file-l2-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-processenvironment-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-processthreads-l1-1-1.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\win32wnet.pyd
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-util-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\charset_normalizer\md.cp38-win_amd64.pyd
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\_overlapped.pyd
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-libraryloader-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\cryptography\hazmat\bindings\_openssl.pyd
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\charset_normalizer\md__mypyc.cp38-win_amd64.pyd
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\_asyncio.pyd
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-heap-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-debug-l1-1-0.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-localization-l1-2-0.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-interlocked-l1-1-0.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\python3.dll
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-stdio-l1-1-0.dll
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-rtlsupport-l1-1-0.dll
Source: C:\Users\user\Desktop\wsx.exe API coverage: 1.8 %
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe API coverage: 1.6 %
Source: C:\Users\user\Desktop\wsx.exe TID: 1120 Thread sleep count: 1580 > 30
Source: C:\Users\user\Desktop\wsx.exe TID: 1120 Thread sleep time: -790000s >= -30000s
Source: C:\Users\user\Desktop\wsx.exe TID: 1120 Thread sleep count: 8418 > 30
Source: C:\Users\user\Desktop\wsx.exe TID: 1120 Thread sleep time: -4209000s >= -30000s
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe TID: 6524 Thread sleep count: 8484 > 30
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe TID: 6524 Thread sleep time: -4242000s >= -30000s
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe TID: 6524 Thread sleep count: 1514 > 30
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe TID: 6524 Thread sleep time: -757000s >= -30000s
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\wsx.exeCode function: 0_2_00007FF7E71F08E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7E71F08E4
Source: C:\Users\user\Desktop\wsx.exeCode function: 0_2_00007FF7E71D7790 FindFirstFileExW,FindClose,0_2_00007FF7E71D7790
Source: C:\Users\user\Desktop\wsx.exeCode function: 0_2_00007FF7E71E6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF7E71E6644
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF7E71F08E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF7E71F08E4
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF7E71D7790 FindFirstFileExW,FindClose,2_2_00007FF7E71D7790
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF7E71E6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,2_2_00007FF7E71E6644
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A8084471 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,2_2_00007FF8A8084471
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 9_2_00007FF6BD5D6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,9_2_00007FF6BD5D6644
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 9_2_00007FF6BD5E08E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,9_2_00007FF6BD5E08E4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 9_2_00007FF6BD5C7790 FindFirstFileExW,FindClose,9_2_00007FF6BD5C7790
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 9_2_00007FF6BD5D6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,9_2_00007FF6BD5D6644
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF6BD5D6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,10_2_00007FF6BD5D6644
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF6BD5E08E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,10_2_00007FF6BD5E08E4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF6BD5C7790 FindFirstFileExW,FindClose,10_2_00007FF6BD5C7790
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF6BD5D6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,10_2_00007FF6BD5D6644
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D4471 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,10_2_00007FF8A73D4471
Source: wsx.exe, 00000000.00000003.2280085504.000001AA0235A000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2327919764.000001BF4058B000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.drBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: registry_65f93d51.exe, 0000000A.00000003.2333460204.000001DEED0B6000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWoto %SystemRoot%\system32\mswsock.dllad() method that
Source: wsx.exe, 00000002.00000003.2291758750.000001D6CBE90000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4718299020.000001D6CBE7E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd

Anti Debugging

Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A80865002_2_00007FF8A8086500
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A80863C02_2_00007FF8A80863C0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D650010_2_00007FF8A73D6500
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D63C010_2_00007FF8A73D63C0
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A8083251 rdtsc 2_2_00007FF8A8083251
Source: C:\Users\user\Desktop\wsx.exeCode function: 0_2_00007FF7E71DB5DC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7E71DB5DC
Source: C:\Users\user\Desktop\wsx.exeCode function: 0_2_00007FF7E71F24D0 GetProcessHeap,0_2_00007FF7E71F24D0
Source: C:\Users\user\Desktop\wsx.exeCode function: 0_2_00007FF7E71DAFC4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7E71DAFC4
Source: C:\Users\user\Desktop\wsx.exeCode function: 0_2_00007FF7E71DB7C0 SetUnhandledExceptionFilter,0_2_00007FF7E71DB7C0
Source: C:\Users\user\Desktop\wsx.exeCode function: 0_2_00007FF7E71DB5DC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7E71DB5DC
Source: C:\Users\user\Desktop\wsx.exeCode function: 0_2_00007FF7E71E9A14 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7E71E9A14
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF7E71DAFC4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF7E71DAFC4
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF7E71DB7C0 SetUnhandledExceptionFilter,2_2_00007FF7E71DB7C0
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF7E71DB5DC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF7E71DB5DC
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF7E71E9A14 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF7E71E9A14
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A8084FED __scrt_fastfail,IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A8084FED
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A8A02A38 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A8A02A38
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A8A033B4 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A8A033B4
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A8A0359C SetUnhandledExceptionFilter,2_2_00007FF8A8A0359C
Source: C:\Users\user\Desktop\wsx.exeCode function: 2_2_00007FF8A92F1D75 __scrt_fastfail,IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A92F1D75
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 9_2_00007FF6BD5CB5DC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00007FF6BD5CB5DC
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 9_2_00007FF6BD5CAFC4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_00007FF6BD5CAFC4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 9_2_00007FF6BD5CB7C0 SetUnhandledExceptionFilter,9_2_00007FF6BD5CB7C0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 9_2_00007FF6BD5D9A14 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00007FF6BD5D9A14
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF6BD5CB5DC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00007FF6BD5CB5DC
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF6BD5CAFC4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_00007FF6BD5CAFC4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF6BD5CB7C0 SetUnhandledExceptionFilter,10_2_00007FF6BD5CB7C0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF6BD5D9A14 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00007FF6BD5D9A14
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A72C359C SetUnhandledExceptionFilter,10_2_00007FF8A72C359C
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A72C33B4 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00007FF8A72C33B4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A72C2A38 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_00007FF8A72C2A38
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A73D4FED __scrt_fastfail,IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00007FF8A73D4FED
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7A81D75 __scrt_fastfail,IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00007FF8A7A81D75
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: 10_2_00007FF8A7FDC350 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00007FF8A7FDC350
Source: C:\Users\user\Desktop\wsx.exe Process created: C:\Users\user\Desktop\wsx.exe "C:\Users\user\Desktop\wsx.exe"
Source: C:\Users\user\Desktop\wsx.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /query /tn "registry_65f93d51.exe""
Source: C:\Users\user\Desktop\wsx.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /create /tn "registry_65f93d51.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe" /sc onlogon /rl highest /f"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /query /tn "registry_65f93d51.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "registry_65f93d51.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe" /sc onlogon /rl highest /f
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Process created: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /query /tn "registry_65f93d51.exe""
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /query /tn "registry_65f93d51.exe"
Source: wsx.exe, 00000002.00000002.4721891045.000001D6CF7A0000.00000004.00001000.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4721938594.000001D6CF7E0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721601148.000001DEEE1D0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Program Manager
Source: wsx.exe, 00000002.00000002.4721891045.000001D6CF7A0000.00000004.00001000.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4721938594.000001D6CF7E0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721601148.000001DEEE1D0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Program Manager0
Source: wsx.exe, 00000002.00000003.3239685469.000001D6CF7E0000.00000004.00001000.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4721891045.000001D6CF7A0000.00000004.00001000.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4721938594.000001D6CF7E0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: program manager
Source: C:\Users\user\Desktop\wsx.exeCode function: 0_2_00007FF7E71F88E0 cpuid 0_2_00007FF7E71F88E0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: EnumSystemLocalesW,10_2_00007FF8A7FDAA9C
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: GetPrimaryLen,EnumSystemLocalesW,10_2_00007FF8A7FDAB04
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: GetPrimaryLen,EnumSystemLocalesW,10_2_00007FF8A7FDABB8
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: EnterCriticalSection,__crt_fast_encode_pointer,EnumSystemLocalesW,LeaveCriticalSection,10_2_00007FF8A7FD8D68
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,10_2_00007FF8A7FDB024
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,10_2_00007FF8A7FDB1E4
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\charset_normalizer VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\certifi VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\cryptography-3.4.8.dist-info VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\ucrtbase.dll VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\pywin32_system32 VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\_ssl.pyd VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\_hashlib.pyd VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\_queue.pyd VolumeInformation
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exeQueries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\pywin32_system32 VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\charset_normalizer VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\charset_normalizer\md.cp38-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\charset_normalizer\md__mypyc.cp38-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\unicodedata.pyd VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\certifi\cacert.pem VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\_asyncio.pyd VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\_overlapped.pyd VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Roaming VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\lockfile VolumeInformation
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\charset_normalizer VolumeInformation
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\certifi VolumeInformation
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\cryptography-3.4.8.dist-info VolumeInformation
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\ucrtbase.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922 VolumeInformation
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\_ctypes.pyd VolumeInformation
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\_bz2.pyd VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\_lzma.pyd VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\_socket.pyd VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\select.pyd VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exeQueries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\wsx.exe; Code function: 0_2_00007FF7E71DB4C0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF7E71DB4C0
Source: C:\Users\user\Desktop\wsx.exe; Code function: 0_2_00007FF7E71F4D50 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF7E71F4D50
Source: C:\Users\user\Desktop\wsx.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\wsx.exe; Code function: 2_2_00007FF8A8085DB7 bind,WSAGetLastError,2_2_00007FF8A8085DB7
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe; Code function: 10_2_00007FF8A73D5DB7 bind,WSAGetLastError,10_2_00007FF8A73D5DB7
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 12 Process Injection | 1 Masquerading | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 22 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 12 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Timestomp | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 33 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Behavior Graph ID: 1523266 Sample: wsx.exe Startdate: 01/10/2024 Architecture: WINDOWS Score: 68

Domains: pontoslivelobb.servicos.ws, estudosadulto.educacao.ws

Signatures:
  • Multi AV Scanner detection for submitted file
  • Sigma detected: Invoke-Obfuscation CLIP+ Launcher
  • AI detected suspicious sample
  • Sigma detected: Invoke-Obfuscation VAR+ Launcher

Processes:
  • wsx.exe (started)
    dropped: C:\Users\user\AppData\Local\...\win32wnet.pyd, PE32+
    dropped: C:\Users\user\AppData\...\unicodedata.pyd, PE32+
    dropped: C:\Users\user\AppData\Local\...\ucrtbase.dll, PE32+
    dropped: 65 other files (none is malicious)
    signature: Potentially malicious time measurement code found
    • wsx.exe (started)
      contacted: estudosadulto.educacao.ws 94.156.67.32, 443, 49725, 49728 TERASYST-ASBG Bulgaria
      contacted: pontoslivelobb.servicos.ws 191.252.83.191, 49724, 49727, 80 LocawebServicosdeInternetSABR Brazil
      dropped: C:\Users\user\...\registry_65f93d51.exe, PE32+
      • cmd.exe (started)
        signature: Uses schtasks.exe or at.exe to add and modify task schedules
        • conhost.exe (started)
        • schtasks.exe (started)
      • cmd.exe (started)
        • conhost.exe (started)
        • schtasks.exe (started)
  • registry_65f93d51.exe (started)
    dropped: C:\Users\user\AppData\Local\...\win32wnet.pyd, PE32+
    dropped: C:\Users\user\AppData\...\unicodedata.pyd, PE32+
    dropped: C:\Users\user\AppData\Local\...\ucrtbase.dll, PE32+
    dropped: 65 other files (none is malicious)
    • registry_65f93d51.exe (started)
      • cmd.exe (started)
        • conhost.exe (started)
        • schtasks.exe (started)

Source | Detection | Scanner | Label | Link
wsx.exe | 11% | ReversingLabs | |
wsx.exe | 14% | Virustotal | | Browse
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://crl.securetrust.com/STCA.crl0 | 0% | URL Reputation | safe |
http://crl.thawte.com/ThawteTimestampingCA.crl0 | 0% | URL Reputation | safe |
http://www.quovadisglobal.com/cps0 | 0% | URL Reputation | safe |
http://ocsp.thawte.com0 | 0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
pontoslivelobb.servicos.ws | 191.252.83.191 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown
estudosadulto.educacao.ws | 94.156.67.32 | true | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://pontoslivelobb.servicos.ws/conta.php | false | | unknown
          NameSourceMaliciousAntivirus DetectionReputation
          https://github.com/asweigart/pyperclip/issues/55wsx.exe, 00000002.00000002.4721239599.000001D6CEC70000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721200938.000001DEEDF30000.00000004.00001000.00020000.00000000.sdmpfalse
            unknown
            http://crl.xrampsecurity.com/XGCA.crll__.wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmpfalse
              unknown
              http://pontoslivelobb.servicos.ws/conta.phprgwsx.exe, 00000002.00000002.4719391565.000001D6CE0C0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2333460204.000001DEED165000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED165000.00000004.00000020.00020000.00000000.sdmpfalse
                unknown
                https://cloud.google.com/appengine/docs/standard/runtimeswsx.exe, 00000002.00000002.4719763286.000001D6CE3D0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4719870837.000001DEED690000.00000004.00001000.00020000.00000000.sdmpfalse
                  unknown
                  https://github.com/mhammond/pywin32wsx.exe, 00000000.00000003.2279561845.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277366073.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2326535528.000001BF4058B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2326414155.000001BF4058A000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2327436277.000001BF4058B000.00000004.00000020.00020000.00000000.sdmpfalse
                    unknown
                    http://docs.python.org/library/unittest.htmlwsx.exe, 00000002.00000002.4720673524.000001D6CE9B5000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720778267.000001DEEDC94000.00000004.00000020.00020000.00000000.sdmpfalse
                      unknown
                      https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#wsx.exe, 00000002.00000003.2289908865.000001D6CBE5B000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000003.2291758750.000001D6CBE90000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000003.2290464010.000001D6CBE5A000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4718299020.000001D6CBE7E000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000003.2290287018.000001D6CBE5B000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4718299020.000001D6CBDDE000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000003.2290158960.000001D6CBE5B000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000003.2289611735.000001D6CBE5B000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000003.2290609085.000001D6CBE5A000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718119614.000001DEEAFED000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2331071299.000001DEEB06C000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2329999010.000001DEEB03C000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2329900306.000001DEEB041000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2330062853.000001DEEB06C000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2330349702.000001DEEB06C000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718119614.000001DEEB08B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2330602280.000001DEEB06C000.00000004.00000020.00020000.00000000.sdmpfalse
                        unknown
00000000.00000003.2263839273.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2326535528.000001BF4058B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          unknown
                                                                                                                                                          https://w3c.github.io/html/sec-forms.html#multipart-form-datawsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED165000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            http://www.quovadisglobal.com/cps0wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            unknown
                                                                                                                                                            http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crlwsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4719438072.000001DEED4CE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                https://docs.microsofregistry_65f93d51.exe, 0000000A.00000002.4720778267.000001DEEDC94000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  https://mail.python.org/mailman/listinfo/cryptography-devwsx.exe, 00000000.00000003.2280855435.000001AA0235D000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2328495473.000001BF4058E000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    https://requests.readthedocs.iowsx.exe, 00000002.00000002.4721204773.000001D6CEC30000.00000004.00001000.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4719019125.000001D6CDE98000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2333460204.000001DEED165000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721156944.000001DEEDEF0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED165000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      http://repository.swisssign.com/wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4720209105.000001D6CE893000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDB8C000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDAE1000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        unknown
                                                                                                                                                                        http://python.org/dev/peps/pep-0263/python38.dll.0.drfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          http://crl.xrampsecurity.com/XGCA.crlregistry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            http://repository.swisssign.com/Hdregistry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDAE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              unknown
                                                                                                                                                                              http://repository.swisssign.com/0Rwsx.exe, 00000002.00000002.4720209105.000001D6CE893000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                unknown
                                                                                                                                                                                https://www.python.orgwsx.exe, 00000002.00000002.4719019125.000001D6CDE98000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2333460204.000001DEED165000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED165000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4719438072.000001DEED3B0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  unknown
                                                                                                                                                                                  http://www.accv.es/legislacion_c.htm0Uwsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    unknown
                                                                                                                                                                                    http://ocsp.accv.es0wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      unknown
                                                                                                                                                                                      http://ocsp.thawte.com0wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264864812.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263839273.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 
00000000.00000003.2274110280.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2326535528.000001BF4058B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2312259416.000001BF40588000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                                                      unknown
                                                                                                                                                                                      https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warningsregistry_65f93d51.exe, 0000000A.00000002.4719943391.000001DEED710000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                        unknown
                                                                                                                                                                                        https://cryptography.io/en/latest/security.htmlwsx.exe, 00000000.00000003.2280855435.000001AA0235D000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2328495473.000001BF4058E000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                                                          unknown
                                                                                                                                                                                          https://twitter.com/wsx.exe, 00000002.00000002.4718299020.000001D6CBE7E000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED165000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            unknown
                                                                                                                                                                                            https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warningsPvwsx.exe, 00000002.00000002.4719727193.000001D6CE390000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4719831009.000001DEED650000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                              unknown
                                                                                                                                                                                              http://www.quovadisglobal.com/cpswsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED090000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                unknown
                                                                                                                                                                                                https://img.shields.io/pypi/v/cryptography.svgwsx.exe, 00000000.00000003.2280855435.000001AA0235D000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2328495473.000001BF4058E000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  http://google.com/mail/registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    unknown
                                                                                                                                                                                                    http://docs.python.org/3/library/subprocess#subprocess.Popen.terminatewsx.exe, 00000002.00000002.4721352219.000001D6CED30000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721308581.000001DEEDFF0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      unknown
                                                                                                                                                                                                      https://estudosadulto.educacao.ws/contador/contador.php0wtwsx.exe, 00000002.00000002.4721755051.000001D6CF710000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        unknown
IP | Domain | Country | ASN | ASN Name | Malicious
191.252.83.191 | pontoslivelobb.servicos.ws | Brazil | 27715 | LocawebServicosdeInternetSABR | false
94.156.67.32 | estudosadulto.educacao.ws | Bulgaria | 31420 | TERASYST-ASBG | false
                                                                                                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                        Analysis ID:1523266
                                                                                                                                                                                                        Start date and time:2024-10-01 11:36:07 +02:00
                                                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                                                        Overall analysis duration:0h 12m 41s
                                                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                                                        Report type:full
                                                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                        Number of analysed new started processes analysed:15
                                                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                                                        Technologies:
                                                                                                                                                                                                        • HCA enabled
                                                                                                                                                                                                        • EGA enabled
                                                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                                        Sample name:wsx.exe
                                                                                                                                                                                                        Detection:MAL
                                                                                                                                                                                                        Classification:mal68.evad.winEXE@21/160@2/2
                                                                                                                                                                                                        EGA Information:
                                                                                                                                                                                                        • Successful, ratio: 100%
                                                                                                                                                                                                        HCA Information:Failed
                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                                                        • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe
                                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 40.126.32.133, 40.126.32.138, 20.190.160.17, 40.126.32.136, 20.190.160.14, 20.190.160.22, 40.126.32.140, 20.190.160.20, 104.208.16.94, 13.89.179.12
                                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, slscr.update.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, 7.4.8.4.4.3.1.4.0.0.0.0.0.0.0.0.0.0.0.a.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, ctldl.windowsupdate.com, onedsblobprdcus17.centralus.cloudapp.azure.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, ocsp.edge.digicert.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net, onedsblobprdcus16.centralus.cloudapp.azure.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                        • Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
05:37:57 | API Interceptor | 2820625x Sleep call for process: wsx.exe modified
05:38:02 | API Interceptor | 2369061x Sleep call for process: registry_65f93d51.exe modified
11:37:24 | Task Scheduler | Run new task: registry_65f93d51.exe path: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):101664
                                                                                                                                                                                                                              Entropy (8bit):6.561877023049057
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:yCKWZGuEK0mOLSTxoPl9GIcuZrxi4hXX9oix8H+9C7ecbGSh9ZR0Fa:yFWY1WxgGStJ8HaC7ecbG2Ga
                                                                                                                                                                                                                              MD5:18571D6663B7D9AC95F2821C203E471F
                                                                                                                                                                                                                              SHA1:3C186018DF04E875D6B9F83521028A21F145E3BE
                                                                                                                                                                                                                              SHA-256:0B040A314C19FF88F38FD9C89DCA2D493113A6109ADB8525733C3F6627DA888F
                                                                                                                                                                                                                              SHA-512:C8CBCA1072B8CB04F9D82135C91FF6D7A539CB7A488671CECB6B5E2F11A4807F47AD9AF5A87EBEE44984AB71D7C44FC87850F9D04FD2C5019EC1B6A1B483CA21
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Joe Sandbox View:
• Filename: Deolane-Video-PDF.vbs, Detection: malicious
• Filename: , Detection: malicious
• Filename: DKLmoAuzkA.exe, Detection: malicious
• Filename: , Detection: malicious
• Filename: Nk77hIlehl.exe, Detection: malicious
• Filename: Nk77hIlehl.exe, Detection: malicious
• Filename: Nk77hIlehl.exe, Detection: malicious
• Filename: UQqngcmYAa.exe, Detection: malicious
• Filename: 4KCaptureUtility_1.7.9.4940_x64.msi, Detection: malicious
• Filename: run.exe, Detection: malicious
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):44328
                                                                                                                                                                                                                              Entropy (8bit):6.619269527509389
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:qim/NRETi8kykt25HwviU5fJUiP2551xWmbTqOA7SXfIfy85xM8AT5WrmKWkrWiS:qIe8kySL2iPQxdvjAevMM5vAWtNyjS
                                                                                                                                                                                                                              MD5:A4F89FFC725CCAE3C7BBCB9A0C91302F
                                                                                                                                                                                                                              SHA1:531194DAD6795B3CB50B02501B0856EFA694DD36
                                                                                                                                                                                                                              SHA-256:BBCEA93943F7E28A4D904301FF4BB708ADAEC4CC27800020044085FB838D4E5D
                                                                                                                                                                                                                              SHA-512:C8CE2DCB65CD1FD0A7FFDC1DF0076BE2882BADAC7082B49FF96EC2CA1E944CCAB8699AB28901A895CCA90783CD223434552E366103FB6FCD25D9AD033B95EEDF
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):63560
                                                                                                                                                                                                                              Entropy (8bit):5.8738277266687575
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:ddA7ll/y7vFtIrfKqnXM7KXsssS9ZINsn8ByvK:dUll/WFAfnXMOX5PZINsnNK
                                                                                                                                                                                                                              MD5:7DD62E9903D66377D49D592B6E6DAC82
                                                                                                                                                                                                                              SHA1:2B6BEC5D58CD4A7F0EAA809179461DBDB527D4F7
                                                                                                                                                                                                                              SHA-256:29712C65138FC02208D8575A8EF188D69947464DD0DC2BE53F34C8DA81A82F06
                                                                                                                                                                                                                              SHA-512:9BC8526C6C9EBA3682848277079457BB443A516CDBF3F10D281763A37483E7C6929AFEDDD7D9663E3573DD03665230395CEC7C60EA3F1671DF93628A665822AD
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):86088
                                                                                                                                                                                                                              Entropy (8bit):6.376772954999528
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:i2g2Q9bRpNtjKjhtgc7JV+kwu0D9sl8/PFXPpQBIN4V/y8R:Jg2Qbvo0cV4kwu0D9sK/9XPpQBIN4VJR
                                                                                                                                                                                                                              MD5:FC0D862A854993E0E51C00DEE3EEC777
                                                                                                                                                                                                                              SHA1:20203332C6F7BD51F6A5ACBBC9F677C930D0669D
                                                                                                                                                                                                                              SHA-256:E5DE23DBAC7ECE02566E79B3D1923A8EEAE628925C7FB4B98A443CAD94A06863
                                                                                                                                                                                                                              SHA-512:B3C2ADE15CC196E687E83DD8D21CE88B83C8137A83CFC20BC8F2C8F3AB72643EF7CA08E1DC23DE0695F508BA0080871956303AC30F92AB865F3E4249D4D65C2F
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):177664
                                                                                                                                                                                                                              Entropy (8bit):6.158534074101028
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:8QY/et3+F8qiO1dmSzbo0+tMv5J5S7wbSTLLKCR8LpA:xwEuF8qXsSzESxThbSTLeCOLp
                                                                                                                                                                                                                              MD5:4173EC9FE8F83845BBAF61D8C313A30A
                                                                                                                                                                                                                              SHA1:D0A6095964150230EDE434506E167F1DEE731296
                                                                                                                                                                                                                              SHA-256:3DF50B1E9FADC6D006C712D2A80A96AE0A286EFD82F9A4160439C75D2BE4D7B4
                                                                                                                                                                                                                              SHA-512:17C6E083CAFB7D6B6DCFAD4960F04E3754A5C0D1AE70F1AE8B91421C4AFCBE32D44611FEC29D295A36573007674510AF9992DAA3057548EFFCCCA772602FA435
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):126024
                                                                                                                                                                                                                              Entropy (8bit):5.9027294934540775
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:97uYeVDxa+yVfZgV2JjtiAEUBfeT0jJRZBFU8RdINVPS:9K383gIj/feTgJRX
                                                                                                                                                                                                                              MD5:8ADB1345C717E575E6614E163EB62328
                                                                                                                                                                                                                              SHA1:F1EE3FFF6E06DC4F22A5EB38C09C54580880E0A3
                                                                                                                                                                                                                              SHA-256:65EDC348DB42347570578B979151B787CEEBFC98E0372C28116CC229494A78A8
                                                                                                                                                                                                                              SHA-512:0F11673854327FD2FCD12838F54C080EDC4D40E4BCB50C413FE3F823056D189636DC661EA79207163F966719BF0815E1FFA75E2FB676DF4E56ED6321F1FF6CAE
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):266824
                                                                                                                                                                                                                              Entropy (8bit):6.520816772363595
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6144:mYXkBpKJU7vSJL9cu4eSOolgjozIQk9qWMa3pLW1AG4visa2OGuQaN:oBpKJGSpslDsQ+Ju5N
                                                                                                                                                                                                                              MD5:49B8CD4D750FE59ADFB1CF8252C3EFE0
                                                                                                                                                                                                                              SHA1:01F6E81B46F417233262DF5282E233FDAD369686
                                                                                                                                                                                                                              SHA-256:0AF14298B022D615FC12DE4034068985928FE6B7AB6BAE3F5BE3A8ADAD379074
                                                                                                                                                                                                                              SHA-512:EEA62D90D09502EB1ED425DD7C43355356C94F35740B78469DB6D74B7C362ECEC01806B1E1071BB741D68391996F8960B4642E98831525EE2886867D202CD07C
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):46152
                                                                                                                                                                                                                              Entropy (8bit):5.9492510690836475
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:4OUT3iMTYwbDU5496lvj3UEPKhievaZoZINsIm0WDG4yHo:4OrBwbDQdjEphfvCoZINsImhyHo
                                                                                                                                                                                                                              MD5:5FA7C9D5E6068718C6010BBEB18FBEB3
                                                                                                                                                                                                                              SHA1:93E8875D6D0F943B4226E25452C2C7D63D22B790
                                                                                                                                                                                                                              SHA-256:2E98F91087F56DFDFFBBDD951CD55CD7EA771CEC93D59CADB86B964ED8708155
                                                                                                                                                                                                                              SHA-512:3104AA8B785740DC6A5261C27B2BDC6E14B2F37862FA0FBA151B1BC1BFC0E5FB5B6934B95488FA47C5AF3FC2B2283F333FF6517B6F8CF0437C52CF171DA58BF5
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):162376
                                                                                                                                                                                                                              Entropy (8bit):6.760133023586482
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:DfVedVAw2nIhmc8sWOwPhE8qENIawGWp1ZB4Vzxznfo9mNoF32YIUVbFBINH1d:DfVedVYnWmS9we8G9ZB4DwYOFZIUzU
                                                                                                                                                                                                                              MD5:60E215BB78FB9A40352980F4DE818814
                                                                                                                                                                                                                              SHA1:FF750858C3352081514E2AE0D200F3B8C3D40096
                                                                                                                                                                                                                              SHA-256:C4D00582DEE45841747B07B91A3E46E55AF79E6518EC9F0CE59B989C0ACD2806
                                                                                                                                                                                                                              SHA-512:398A441DE98963873417DA6352413D080620FAF2AE4B99425D7C9EAF96D5F2FDF1358E21F16870BDFF514452115266A58EE3C6783611F037957BFA4BCEC34230
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):29256
                                                                                                                                                                                                                              Entropy (8bit):5.9682801135376815
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:oQybRGaX9IGnrQa4qtpj4Y54JP7gR0478sn5pINkBLpXSnYPLxDG4y8RG4:oD8qCG0aZcJDux35pINktpiWDG4ys
                                                                                                                                                                                                                              MD5:E322BEF009567F51A5B50580EA358B84
                                                                                                                                                                                                                              SHA1:8518BCF80EBC1A7359EC924C7D246748EC3B0B08
                                                                                                                                                                                                                              SHA-256:AC50CDC428714DD5F411CA45AA1196E99075755B4719D17B2929E94C5E868AEF
                                                                                                                                                                                                                              SHA-512:3970106FA397B7B5F2C354E9A433AA50164A742296D102C94111F00F60972295E426486016341D180FDA05532E7CD5F753F9FDBAD158E9759FE55EBE5EFBC2D2
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):45640
                                                                                                                                                                                                                              Entropy (8bit):6.029273550521059
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:GjJDGL+xD1jf2SnI1KseKVoYWE50vnIBkBovVINJtKkWDG4yR7:GjJ6+2CI1KJ20vnIBJvVINJtKRyJ
                                                                                                                                                                                                                              MD5:DA51560431C584706D9A9E3E40E82CFE
                                                                                                                                                                                                                              SHA1:E60C22A05FD6A34C95F46DC17292F8C4D5E8C332
                                                                                                                                                                                                                              SHA-256:EF1BB6ABEDC9A6E156ECA16AA53E836948DEB224CDC0C5FC05E7816F860C38A9
                                                                                                                                                                                                                              SHA-512:555AA6FD084B0675D629BF79711C91899D178735E4B1B9F9AC4C13D7F01E0A3D8F6436699E37922F04BAFFEF32EFF540EF4BACE6B58E3BAFAFA021DDC12564EB
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):28232
                                                                                                                                                                                                                              Entropy (8bit):6.026784322519284
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:5fzd3kPmXE/K/15JGsNi6rDcDRmOnx+cECdINqUTnYPLxDG4y8RGF9uE:V7XE/KLJa6rDaRm4DdINqUTWDG4yF9uE
                                                                                                                                                                                                                              MD5:1FC2C6B80936EFC502BFC30FC24CAA56
                                                                                                                                                                                                                              SHA1:4E5B26FF3B225906C2B9E39E0F06126CFC43A257
                                                                                                                                                                                                                              SHA-256:9C47A3B84012837C60B7FECED86ED0A4F12910A85FD259A4483A48CD940E3514
                                                                                                                                                                                                                              SHA-512:D07655D78ACA969CCC0D7CEDF9E337C7B20082D80BE1D90D69C42BE933FBAB1C828316D2EB5461DED2FF35E52762E249FC0C2BCCBC2B8436488FB6A270D3D9EE
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):78920
                                                                                                                                                                                                                              Entropy (8bit):6.068138139328106
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:SKmx5snrlAdD68Asd9/s+7+pIlxRjDzrdINVwayv:JmxqnBwAsd9/se+pIxRPzrdINVw1
                                                                                                                                                                                                                              MD5:1D53841BB21ACDCC8742828C3ADED891
                                                                                                                                                                                                                              SHA1:CDF15D4815820571684C1F720D0CBA24129E79C8
                                                                                                                                                                                                                              SHA-256:AB13258C6DA2C26C4DCA7239FF4360CA9166EA8F53BB8CC08D2C7476CAB7D61B
                                                                                                                                                                                                                              SHA-512:0266BCBCD7CA5F6C9DF8DBEEA00E1275932DACC38E5DD83A47BFBB87F7CA6778458A6671D8B84A63AE9216A65975DA656BA487AC28D41140122F46D0174FA9F9
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):153672
                                                                                                                                                                                                                              Entropy (8bit):5.895447412110481
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:HlO4VRd4tXxAhr2uVk/Zytv7OazgnBYi5qTEVfa+MuUqZBIN47+:FD4tXyZ2AQytCazgatqZS
                                                                                                                                                                                                                              MD5:84DEA8D0ACCE4A707B094A3627B62EAB
                                                                                                                                                                                                                              SHA1:D45DDA99466AB08CC922E828729D0840AE2DDC18
                                                                                                                                                                                                                              SHA-256:DCF6B3FF84B55C3859D0F176C4CE6904C0D7D4643A657B817C6322933DBF82F6
                                                                                                                                                                                                                              SHA-512:FDAA7EB10F8BF7B42A5C9691F600EFF48190041A8B28A5DAB977170DB717FFF58DD0F64B02CA30D274552FF30EE02A6577F1465792CF6760366C2588BF373108
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):4.729352106249244
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:+zOGWZhWsWJWadJCsVWQ4OW4f/hHssDX01k9z3AHQH4i/vN:+zBWZhWZCsFf/FDR9zcQvv
                                                                                                                                                                                                                              MD5:4A8F3A1847F216B8AC3E6B53BC20BD81
                                                                                                                                                                                                                              SHA1:F5AADC1399A9DA38087DF52E509D919D743E3EA7
                                                                                                                                                                                                                              SHA-256:29B7D786D9F421765A4F4904F79605C41E17C0A24D7F91E44C0B7B0DEA489FC3
                                                                                                                                                                                                                              SHA-512:E70D2B719517C413FA967CA1A8D224299AF55D988B3CC28013AAA3677660FAE9ECB6F858D31C08CD8A0888F932AF1384F0EAA928C002200F0710C2D5BDDCED1B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22056
                                                                                                                                                                                                                              Entropy (8bit):4.582853727629458
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:SWZhWpWEXCVWQ4KWgfYXxwVIX01k9z3A2rZ2Co:SWZhWGVWR9zL12j
                                                                                                                                                                                                                              MD5:D7AD8DB12FF42D620A657127DADA1D88
                                                                                                                                                                                                                              SHA1:0CA381C734A3A93DC5F19C58DADFDCA9D1AFCCD8
                                                                                                                                                                                                                              SHA-256:26054D8FEBAB1AACF11AA5CB64055808CD33388A8E77D0B3BCBC7543B0EEA3BD
                                                                                                                                                                                                                              SHA-512:7E2D6B60ADBF97B22AB4B66691E483827D5755CFC6FCB5224369ADA53CBD8CDA43C4694A000EA4B5CEBC69A475B54DF0E9694C20AFD9EC62B4DB7B22241BDC45
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21960
                                                                                                                                                                                                                              Entropy (8bit):4.56864151469395
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:JWZhW9VWJWadJCsVWQ4mWJfTBm+0U8X01k9z3Ar+bP:JWZhWiCsofTBmo8R9zY+P
                                                                                                                                                                                                                              MD5:C68A86C180FF1FCAC90D1DA9A08179C1
                                                                                                                                                                                                                              SHA1:C287951441C957931DC4EBBEE4DC9426A4501554
                                                                                                                                                                                                                              SHA-256:2C91C4861E88C92693A1B145EBE2F69FFB90797CD42061E2D84F3D7FC009A941
                                                                                                                                                                                                                              SHA-512:857FBF9852596EF7263D8FAF970128487413C859246F58B15CEC32D11576894C47211A3BD9005F86C2A28FA6B67FBA96831C4953C0FA24E2373A6DAECB85E121
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):4.635214855201274
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:hPmxD3jPWZhWUzWJWadJCsVWQ4KW8xwVIX01k9z3A2rEUOdu:hPAPWZhWUqCsLR9zLANA
                                                                                                                                                                                                                              MD5:A17FF429442D4E5298F0FAF95950A77D
                                                                                                                                                                                                                              SHA1:522A365DAD26BEDC2BFE48164DC63C2C37C993C3
                                                                                                                                                                                                                              SHA-256:8E9D1D206DA69DA744D77F730233344EBE7C2A392550511698A79CE2D9180B41
                                                                                                                                                                                                                              SHA-512:7D4E31251C171B90A0C533718655C98D8737FF220BCC43F893FF42C57AB43D82E6BD13FA94DEF5BB4205CAEC68DC8178D6B2A25AD819689F25DAD01BE544D5AC
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22056
                                                                                                                                                                                                                              Entropy (8bit):4.5745435750793515
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:NyWZhWPWEXCVWQ4OW+shHssDX01k9z3AHQHBhuWC:QWZhWEnsFDR9zcQk
                                                                                                                                                                                                                              MD5:73DD550364215163EA9EDB537E6B3714
                                                                                                                                                                                                                              SHA1:C24FCADFEE877D5402E2B4F8518C4F5F4A2CE4B4
                                                                                                                                                                                                                              SHA-256:0235C78780EFF0BD34FCE01D1C366E5E5936EA361676CB9711A4CFFF747D457A
                                                                                                                                                                                                                              SHA-512:2406D9D44D3ED86A95248B25CF574E0C06533CD916048A2FACD68F4DB48E49E8E8CE1917091BCFB273D0ACC210697CEB659930C896E51464C300EC06476D8CC2
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):26152
                                                                                                                                                                                                                              Entropy (8bit):4.87194572901717
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:1whDPvVr8rFTsKWZhWgWEXCVWQ4KWiOcADB6ZX01k9z3AT2s7u:WJPvVrQWZhW7KcTR9zW2s6
                                                                                                                                                                                                                              MD5:ECEE1B7DA6539C233E8DEC78BFC8E1F9
                                                                                                                                                                                                                              SHA1:052BA049F6D8CD5579E01C9E2F85414B15E6CBF8
                                                                                                                                                                                                                              SHA-256:249D7CD1C87738F87458B95ACE4AB8F87B0DE99EEEFB796F6B86CBA889D49B2C
                                                                                                                                                                                                                              SHA-512:EA21FE20336B8170B2A8CD13DF217E9EE87AA1D2B0BA476BEE2A97C3FCE57648C9AB664B9BA895D5BBBCD119F2BB6633BEDC85DAFBD7BF6853AA48B168A927F4
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22056
                                                                                                                                                                                                                              Entropy (8bit):4.608548224344036
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:u7xmWZhWlWEXCVWQ4KWs8HjKDUX01k9z3AmaS+5:u1mWZhWSYpR9zX78
                                                                                                                                                                                                                              MD5:3473BC217562594B5B126D7AEB9380E9
                                                                                                                                                                                                                              SHA1:B551B9D9AA80BE070F577376E484610E01C5171A
                                                                                                                                                                                                                              SHA-256:0D8190FD619FEB20DF123931108D499132F7051F1EBB0EF246082F4C52C88B22
                                                                                                                                                                                                                              SHA-512:036B93457ADE632AD68264D81FF26EE1156038E234C606882386D6BABCBE722A18E9CED1655F97CAECAF5FD514E261DAFE999A3E9FEC00CC677E177F0BF8E203
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):20960
                                                                                                                                                                                                                              Entropy (8bit):4.41968362445382
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:lC+WvhWRWYnO/VWQ4SWHvD480Hy5qnajsBkffy2:4+WvhWRUGEslECl
                                                                                                                                                                                                                              MD5:50ABF0A7EE67F00F247BADA185A7661C
                                                                                                                                                                                                                              SHA1:0CDDAC9AC4DB3BF10A11D4B79085EF9CB3FB84A1
                                                                                                                                                                                                                              SHA-256:F957A4C261506484B53534A9BE8931C02EC1A349B3F431A858F8215CECFEC3F7
                                                                                                                                                                                                                              SHA-512:C2694BB5D103BAFF1264926A04D2F0FE156B8815A23C3748412A81CC307B71A9236A0E974B5549321014065E393D10228A0F0004DF9BA677F03B5D244A64B528
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):4.612550828747309
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:/JWZhWdWJWadJCsVWQ4OWHhNy9hHssDX01k9z3AHQHXJw:/JWZhW8CsEh6FDR9zcQ5
                                                                                                                                                                                                                              MD5:53B1BEEE348FF035FEF099922D69D588
                                                                                                                                                                                                                              SHA1:7BC23B19568E2683641116F770773F8BCF03376B
                                                                                                                                                                                                                              SHA-256:3A52229BF8A9DF9F69A450F1ED7AFC0D813D478D148C20F88EC4169D19B0D592
                                                                                                                                                                                                                              SHA-512:85C7FFA63483D69870CD69BF40E2B4EA5992D6B82607EE9BFC354C3BD5079E18CFE2CA0BCAA2FE493B42226F4A8097737116EA023823CE3EF177596DD80EDCDB
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22056
                                                                                                                                                                                                                              Entropy (8bit):4.721465362736704
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:gIxlyWZhW6WEXCVWQ4KW3YfyttuX01k9z3AwQoz/fI:gIxlyWZhWtMSR9zVQE4
                                                                                                                                                                                                                              MD5:5846D53AC41102BB6F7E1F78717FEA7F
                                                                                                                                                                                                                              SHA1:72254F1B93F17C2C6921179C31CD19B1B4C5292D
                                                                                                                                                                                                                              SHA-256:059DFA16C1BBE5FF3A4B5443BA5E7AD1D41E392A873B09CFEF787020CA3E101F
                                                                                                                                                                                                                              SHA-512:0C29C0F562F1CABD794D8BF7F5CEF0B0213FCF52A71EB254E0122F88C6E03558CB2259CAFF6B46D3B055101EF5422318E48D6C7568CBF2423212B8ED4E8F0F7F
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21944
                                                                                                                                                                                                                              Entropy (8bit):4.620454652680466
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:NHWZhWjWEXCVWQ4iWM0JKxu3O6YX01k9z3AFs5Ks:tWZhWYj0J8R9z2s5Ks
                                                                                                                                                                                                                              MD5:5A1569EFA80FD139B561A9677A661F8A
                                                                                                                                                                                                                              SHA1:FB0C824688E65ED12F52FA961EF3BAE5674F32AF
                                                                                                                                                                                                                              SHA-256:41C1EAF5545109E871ABEF7386AB1ABF9D2DE1762CB4720C945AFA8424858B00
                                                                                                                                                                                                                              SHA-512:1D2594C7F9757A95B41A9E6496F89C81FC96448B32CACB0C10D0DB8C28A95CF33B3AD23348BCD8FB37D82BD72865D3C60944206F2E795686440DE49BBCC39D7E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21960
                                                                                                                                                                                                                              Entropy (8bit):4.842934040846033
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:8TvuBL3BBLMWZhWNWJWadJCsVWQ4iWBRBm+0U8X01k9z3Ar6V2EzVL:8TvuBL3BiWZhWMCsGRBmo8R9zY6V2w
                                                                                                                                                                                                                              MD5:5EB2D8E1B9C9BD462C808F492EF117C2
                                                                                                                                                                                                                              SHA1:60D398EC6E72AB670A2D9EF1B6747387C8DE724E
                                                                                                                                                                                                                              SHA-256:DB85F9AAE6E9A5F1664326FA3FB82FE1002A3053857724D6C8D979A07C1221A1
                                                                                                                                                                                                                              SHA-512:DF0EF770368F153104F828F1C2381BEA9A79E69DEFD43AF53BDD419B7D80144831E0C4CC8695BAEE9F26928F0C4A00FE4837C872313C37BCE1B23E6690A93BDA
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):5.343540756101008
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:/naOMw3zdp3bwjGzue9/0jCRrndb5WZhW4Csq1IH6FDR9zcQ:SOMwBprwjGzue9/0jCRrndbkaSSl9z
                                                                                                                                                                                                                              MD5:0414909B279EA61CA344EDBE8E33E40B
                                                                                                                                                                                                                              SHA1:4ECE0DABE954C43F9BD5032DE76EC29C47B22E10
                                                                                                                                                                                                                              SHA-256:05B0C773A77850F3D50DDB4B82CC4D5F19316FE1AAA65E21B4709AE73F60A28E
                                                                                                                                                                                                                              SHA-512:EDBD33540CD1EF69F2CE824CFB991903EC6E4EDDA815F07D610247594CEEB2EBC78F05A44B4DE8C5C937191B7E8B2EF221423C06DF303D73DEEA721C25D15EED
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):4.7496431210219505
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:E6WZhW2WJWadJCsVWQ4KW7QLxwVIX01k9z3A2rgFl:E6WZhWTCsfR9zLUFl
                                                                                                                                                                                                                              MD5:5E93BF4AA81616285858CA455343B6D3
                                                                                                                                                                                                                              SHA1:8DE55BE56B6520801177F757D9E3235EC88085F7
                                                                                                                                                                                                                              SHA-256:C44EC29A51145281372007D241A2CC15B00D0BACC8ADFAAC61E8E82EFE8EA6A3
                                                                                                                                                                                                                              SHA-512:E6A46DAD1D7125DBAAF9D020100D7EC321620E38FDD1C931AF74E8EC25E841C52555EC9646A895AD4450DE94F70E82E9A237C2895DDFD16769B07CB73AD827E0
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):4.6919844070599135
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:VWZhWo9WJWadJCsVWQ4KWcrY00pyEuX01k9z3A2pCaCI9p8Y:VWZhWTCsnrEpcR9zjpCDY
                                                                                                                                                                                                                              MD5:94FCE2F4B244D3968B75A4A61B2347AB
                                                                                                                                                                                                                              SHA1:C5898AF5FD941C19FCDD949C6B4E2BB090D040D2
                                                                                                                                                                                                                              SHA-256:C513BDC265654D2E9A304423F299FB46953631F0D78AF8C1D397CD58B491475A
                                                                                                                                                                                                                              SHA-512:1AFE1F3A9B803C5758FF24376FE040D856B5CA814717B490464260C9C78E70CE6C166EFBCC98E26AC12DD6173285B4863DA7DF4FF644D1D8150F8AC4B47113E1
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):4.875726049629512
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:wgFWGWZhWmWJWadJCsVWQ4KWRYrxwVIX01k9z3A2r/3:jFjWZhWjCsDR9zLT3
                                                                                                                                                                                                                              MD5:DF64597430E1126C3BA0FE5ECF995004
                                                                                                                                                                                                                              SHA1:3E32AD558501FB9D108F885A55841605BE641628
                                                                                                                                                                                                                              SHA-256:9638950211CBDCDAEB886CAB277573391BF7DDA2FBDB24FC18D31125DC8A7C24
                                                                                                                                                                                                                              SHA-512:E16C1F5468BF2FC90B66B4B66DBAD62CDBE29180F8DA8AB8AD28D1B0C418CB96EADF24BB54F2EE9BCFE3176256D05F7EB591B6F908E47BD420BA22768FE0EA61
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):5.215332998256423
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:rck1JzNcKSIVWZhWBCsbEpcR9zjpC/l2pB:zcKSFAEpw9z8/leB
                                                                                                                                                                                                                              MD5:D21BE88A58960EDFE83CCBBDF5C4103D
                                                                                                                                                                                                                              SHA1:3CB0D010837B77102E77CA62E1033EF4EB5473AC
                                                                                                                                                                                                                              SHA-256:3E909B4951E485DE391F9A101E513B32C6D3507674C4D666AD3105B939B25C24
                                                                                                                                                                                                                              SHA-512:99B1FDA3EC9292A59ED528AB243B4F8AC63E2D7B219135F26050BB7DD124A5D5DC4A14A69383A8AA0B03F0F0A3BCCF0C233EF09B8E3D3BDF43D0AA1CFC1A3992
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21960
                                                                                                                                                                                                                              Entropy (8bit):4.761033474432705
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:2kDfIeeWZhWsWJWadJCsVWQ4iWZzbTseUfX01k9z3AuqBXh/Y:2kDfIeeWZhWZCsaz/6fR9zBg/Y
                                                                                                                                                                                                                              MD5:B1BA47D8389C40C2DDA3C56CBED14FC5
                                                                                                                                                                                                                              SHA1:2EEF9FFA32171D53AFFA44E3DB7727AA383F7FAC
                                                                                                                                                                                                                              SHA-256:C7277C05DC6B905FAD5CB930B0ECFBBC4676B46974B4571E54CA44CB6F6BE404
                                                                                                                                                                                                                              SHA-512:466E31F17F73BDA5149343B23F4966502A8597D2A2E43F9A6C9C32387451D92C6B658CCAAE27044E68E4A9FD0EF9C89E32DC7639D59FCF04C596B6ABFA09658B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21960
                                                                                                                                                                                                                              Entropy (8bit):4.548179328701105
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:gWZhWtWJWadJCsVWQ4iWocCJOowcLK+X01k9z3A+TU3v:gWZhWsCsNy6R9zZY3v
                                                                                                                                                                                                                              MD5:430D7CDD96BC499BA9EB84BB36AA301A
                                                                                                                                                                                                                              SHA1:48B43F6E4FFA8423966D06B417B82C5F72525DD9
                                                                                                                                                                                                                              SHA-256:3E16B030A162EE3B4F6BF612AF75D02A768A87F2D6A41A83F5ADAB2EC3C24DD1
                                                                                                                                                                                                                              SHA-512:51042EBCA24086E1D0015FA921816A2F3C56065E1E15190B48C58656EB88610D64ACACB87584981963CAB501985C2CB68E53075CF5E0C65761BBDDAF56FBBAB0
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22056
                                                                                                                                                                                                                              Entropy (8bit):4.742588003611338
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:ahGeVfWZhWIlWEXCVWQ4KWEyttuX01k9z3AwQoz/C5N:ahGeVfWZhWDaSR9zVQEKz
                                                                                                                                                                                                                              MD5:C03DAA9E875FF8638F631B1C95F4B342
                                                                                                                                                                                                                              SHA1:71EAEACCEA8A302F87D1594CE612449C1195E882
                                                                                                                                                                                                                              SHA-256:A281AE7A487ECEA619E696903E5A8119AE3F9E9EB2F0B64B31A8324B530A4D35
                                                                                                                                                                                                                              SHA-512:EFA6CA2710F9827888F2CFCB87A321D66593B39988EBF743F37E2B8FE77DBA9517BDD8571D0BE7573CD6E1C786C1EDBA10857CFB6060E315AA0D46A16523D43B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):4.653065529702944
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:AO9qVQzyMvrSWZhWqWJWadJCsVWQ4OWI+tDohHssDX01k9z3AHQHP6b:ywyMvWWZhWHCsuRoFDR9zcQ
                                                                                                                                                                                                                              MD5:9AB1BDE57B958090D53DE161469E5E8D
                                                                                                                                                                                                                              SHA1:8452AED000B2E77040BA8B1E5762532CDF5A60AD
                                                                                                                                                                                                                              SHA-256:199C988D566F19E8C67F4CD7147A7DF591CD2F2D648CBC511A5E4580346E75F4
                                                                                                                                                                                                                              SHA-512:CF53C6885E154A05F8773D6B66A605049D70CC544F22A11D423C885608CD387446306CE6DFEE2CC4EE9387CDC0A50DA55948B5E55AD94ACDE7C7FD04FE38A137
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):5.131579423253394
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:zewidv3V0dfpkXc0vVaU8WZhWOCswEpcR9zjpCuSU:aHdv3VqpkXc0vVamKEpw9z8uj
                                                                                                                                                                                                                              MD5:2C4BE18E4D56E056B3FB7C2AFB032E9E
                                                                                                                                                                                                                              SHA1:9620C91A98175DDDCCC1F1AF78393143249E9EB9
                                                                                                                                                                                                                              SHA-256:56657DA3DB3877624F5DAD3980DF3235FE7E1038916627C0845B5001199D513F
                                                                                                                                                                                                                              SHA-512:18CBB5671ED99B475C7F6FF2D41943BA6D28FBBD781884BF069D1AA83F051C00D61BAA11459DCCA4FE2A4BC26C3540E1F598E4E0AE59A5E18D340A68B695ED78
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21944
                                                                                                                                                                                                                              Entropy (8bit):4.795933306978902
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:stZ3rWZhWrWEXCVWQ4iWJmDoSJj+iX01k9z3ATaF2k:stZ3rWZhWgSmDX+iR9zYaz
                                                                                                                                                                                                                              MD5:B865442FB6836A9B933A216109FF3D0F
                                                                                                                                                                                                                              SHA1:15011FCAEA649CA016FA93996639F59C23B74106
                                                                                                                                                                                                                              SHA-256:498194CFE8B1138385595A7DB3863ADF29A9663551D746FB64648FFD075186B3
                                                                                                                                                                                                                              SHA-512:EEB9FA00A941C4B30320FBB9ECC2717E53D13CD12394500D795BE742DBE25C5FDF8590E9FE7F3B210A9D9AA07C7392419823A6A947591E7A38707A87309A2B76
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21960
                                                                                                                                                                                                                              Entropy (8bit):4.851336652526625
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:wgdKIMFCbmaovWZhW4WJWadJCsVWQ42Wns9rxu3O6YX01k9z3AFzqw9Sl:dj78WZhWlCs4s9fR9z2On
                                                                                                                                                                                                                              MD5:1F0AB051A3F210DB40A8C5E813BA0428
                                                                                                                                                                                                                              SHA1:E2EC19439618DF1D6F34EE7C76108E3EA90A8B14
                                                                                                                                                                                                                              SHA-256:2D4CDDA6D6AEC0B1A84D84528380C5650683B8EED680F3CAFD821AC7F422070C
                                                                                                                                                                                                                              SHA-512:A8BA535580D6756AC30E725411980A8D17E9A8AA1229233BB7A9B15C55B18B61136772D5D75CCE0EDF21B0F300BBD4D2458A4C69762261E928EF3CB7D5A14BDD
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22056
                                                                                                                                                                                                                              Entropy (8bit):4.814262557975911
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:ShmnWZhWQWEXCVWQ4KW6lho1NVAv+cQ0GX01k9z3AOHMCQH:SAWZhWLTH4NbZR9zDHMR
                                                                                                                                                                                                                              MD5:953C63EF10EC30EF7C89A6F0F7074041
                                                                                                                                                                                                                              SHA1:4B4F1FF3085FDED9DBD737F273585AD43175B0A3
                                                                                                                                                                                                                              SHA-256:C93954167C12E15B58AC95240D2E0A2FBD94561D739D9F6ACA906D9C30453496
                                                                                                                                                                                                                              SHA-512:B4534785E4D02AD387E3C6082884D438CC4B3CD8758AABCF99620052F5842DBD298351BC1723C274D4F7D3FCE0CC940DF3D47865FECE2F07CDB1151376BA852E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22064
                                                                                                                                                                                                                              Entropy (8bit):4.599333886916871
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:hWZhWaWJWadJCsVWQ4qWiTl+hHssDX01k9z3AHQHFUUG:hWZhWXCs/+FDR9zcQDG
                                                                                                                                                                                                                              MD5:85A8B925D50105DB8250FA0878BB146E
                                                                                                                                                                                                                              SHA1:4B56D7EB81E0666E0CD047F9205584A97CE91A01
                                                                                                                                                                                                                              SHA-256:F3324803591D2794BAD583C71D5036976941631A5F0E6D67C71FC8BA29F30BA8
                                                                                                                                                                                                                              SHA-512:CB074508052FAFA8BAA2E988E0F4241411A543E55A6A9FEE915029C6AA87C93CCE1F0B14FE0658361B6B4AB6880B31A950C215404C0D71D8A862D4E74AB3B797
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):4.90510985681131
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:LhoWZhWEWWJWadJCsVWQ4KWiJYCY00pyEuX01k9z3A2pCapIcR/3:+WZhWEzCs1REpcR9zjpCw3
                                                                                                                                                                                                                              MD5:43760078912B411595BCDED3B2EB063D
                                                                                                                                                                                                                              SHA1:BD00CD60FD094B87AB0CFF30CD2AFE0A78853F22
                                                                                                                                                                                                                              SHA-256:0A9BCAA55326373200396BB1AF46B3058F8F7AF7BE3289544DDDBAFDEC420FEA
                                                                                                                                                                                                                              SHA-512:D779F67BBB6E9867BCEF7667C28E0032C01F36B8EA418504E9683240A6C0D9640B24D1DC5FA78CC9DCC4515F7BE0D314F27EBCEBC047B2E0F71680905D87827B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):26152
                                                                                                                                                                                                                              Entropy (8bit):4.868380796510273
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:tk9cydWZhWVWEXCVWQ4KWvcADB6ZX01k9z3AT2BE:ttydWZhWiWcTR9zW2e
                                                                                                                                                                                                                              MD5:55E742035343AF7B93CAEEB71D322BED
                                                                                                                                                                                                                              SHA1:121134DFECA618EC3FAE3FB640E541141D0C7B65
                                                                                                                                                                                                                              SHA-256:2364FA428DEBA813B8A27B369ACEA8ED365AA5C9DA776D57E146576920746F0E
                                                                                                                                                                                                                              SHA-512:601474B8C9185CB734DF191F4382590F1466C0A32773E17C73AFA5C1446DC648253D44E4EBAD6CE0D29288AFB1D7794C09FF0D7CFE81A3ADC3DC26B3DA46103D
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):4.728659141523223
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:QhWZhWyWJWadJCsVWQ4KWQU2Y00pyEuX01k9z3A2pCa/IcbY:QhWZhWPCsPEpcR9zjpCuk
                                                                                                                                                                                                                              MD5:4EEB879FCEEAE59927F98A1A199B59CA
                                                                                                                                                                                                                              SHA1:3BB833EDF4C10B42B7B376B93644CCC7F9A4B0F8
                                                                                                                                                                                                                              SHA-256:E1B95E27CAD9DA4F0BD8BF4C913F49B9B8DA6D28303F2946B55DA3BD7FEB36A3
                                                                                                                                                                                                                              SHA-512:6A43EB0C660395A60D17401E948BC4DA010261197EA13B5C9E043E7EE93C30EB17EFB9B6B138ECDD77DDC3D0CAA98921B57BFC244F6CD554417A0FBA5C9407B0
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21944
                                                                                                                                                                                                                              Entropy (8bit):5.169073785182673
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:GEpnWlC0i5ClWZhWPWEXCVWQ4iWv6I8HNsAX01k9z3AqjEgr7HO:vnWm5ClWZhWENtHNsAR9zygr6
                                                                                                                                                                                                                              MD5:1FD59E1DD71EB3BDADB313029710DC33
                                                                                                                                                                                                                              SHA1:82F5DE117D9C55247DA873AB8AD23F4E07841366
                                                                                                                                                                                                                              SHA-256:953E4403094EC0C3E8C3A9AB38012CC36D86AC5FE3FFF2D6B6C5F51F75737C46
                                                                                                                                                                                                                              SHA-512:69608FF0127587B93DB86C8CB27A932FA4B550C7D8D908F9FB8579BA2BCCC6D43E7283363F7B46DD39A40A8C790A030028A78302703658FD5D68F5EE9452A5AA
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21960
                                                                                                                                                                                                                              Entropy (8bit):4.827217723133749
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:rvh8Y17aFBRIWZhWdWJWadJCsVWQ4iWwBxu3O6YX01k9z3AFAjjHVy:bLdWZhW8CsRFR9z2AjjHVy
                                                                                                                                                                                                                              MD5:481282554B34E19C77978DC7888434E6
                                                                                                                                                                                                                              SHA1:BD33F1189FC79AC57716F9D030EF0BDD30205115
                                                                                                                                                                                                                              SHA-256:8895C5AB2152A7F25F0C44A3457867229046952106D422331A1C57AD7935B47E
                                                                                                                                                                                                                              SHA-512:FBE98FDA91618DD980709BABD8E56B8C4C4FF370E6DE23075F89303AAFFFD723DDDFD270F388C573914385E957ADD756BFE2B1FCEF5F9F86CB30E111177A52E9
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21944
                                                                                                                                                                                                                              Entropy (8bit):4.790131923417916
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:dDWZhWqqWEXCVWQ4iWEchBm+0U8X01k9z3Areh3:1WZhWaf2Bmo8R9zYs
                                                                                                                                                                                                                              MD5:78FC4A7E489F64EA5E0A745C12477FD8
                                                                                                                                                                                                                              SHA1:51AB73B5142EE2F742ABDAEDF427690613A19F4A
                                                                                                                                                                                                                              SHA-256:C12C28E3391A8C8ADCABE4632470DE824118C56338F46FCD8B99257709F50604
                                                                                                                                                                                                                              SHA-512:C9064FF0B39421B28720E65E70695A997995CBEC80F1534D88B886BDA1797A7316D9B61E458B894B528C7BCE21C36F1D4ACD916DE96D0CDFDE59107EA93CD5D7
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):30248
                                                                                                                                                                                                                              Entropy (8bit):5.124756298989814
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:r7yaFM4Oe59Ckb1hgmLhWZhWPC2R9zQaXy:/FMq59Bb1jMbK9zni
                                                                                                                                                                                                                              MD5:A12569B252B6761A6330D2FFB6C2983B
                                                                                                                                                                                                                              SHA1:CC6BDB88B252144AF816976A181D2B3B961CE389
                                                                                                                                                                                                                              SHA-256:AB0DE0CF89F88B947E01A5AB630D71384AD69F903CEF063CCB10DE54D061EA2E
                                                                                                                                                                                                                              SHA-512:EE9CB0E2C613374348A34E4A65C83DA8D35E6E841F50EED726FF397C7BB6EC430ED200B3B1A541041A91EBE5AE0C96270EE7B891C8C173B340C82ABD2CDF8750
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21944
                                                                                                                                                                                                                              Entropy (8bit):4.851114039202199
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:HeXrqjd79WZhWHWEXCVWQ4iWs1lNowcLK+X01k9z3A++/+e:H4rEWZhWcRTN6R9zZK
                                                                                                                                                                                                                              MD5:38D1C8D2AA2023D85ACA69286D79FB78
                                                                                                                                                                                                                              SHA1:A97E806268DC4EE781EC2BFB654ED8BF91C2A83A
                                                                                                                                                                                                                              SHA-256:381A09A63B5818A2499144ADBD8C5F6BBCFCE93D643E9920CC54485006FBCC48
                                                                                                                                                                                                                              SHA-512:FC71441009EBE69DFBC04A791CB401306CB88F7BED5290CD899E234D290209917DC7FBD0D0D1A16CEB056858C77306B8EE5F3C17432F3594904B73B20162738E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):26152
                                                                                                                                                                                                                              Entropy (8bit):5.013491600663517
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:pmGqX8mPrpJhhf4AN5/KixWZhWnWEXCVWQ4KWMKDUX01k9z3AmaSAWXH:pysyr7PWZhW83pR9zX7VH
                                                                                                                                                                                                                              MD5:DC8BFCEEC3D20100F29FD4798415DC00
                                                                                                                                                                                                                              SHA1:BD4764BE2833F40C1CC54229C759F83D67AE5294
                                                                                                                                                                                                                              SHA-256:4950D0A97CB18971355247FECCFD6F8EA24E46BCA30F54540C050E4631EC57A8
                                                                                                                                                                                                                              SHA-512:CC7899AD716A81AF46D73B1CB8DED51AEE9619F2ACCC35859E351FB8EE4F965F5BCC9ADBB7353CA7A3C8E39D36C09481F66519CB173DA1D2578718C764FB6FAE
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):26168
                                                                                                                                                                                                                              Entropy (8bit):5.280902373266687
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:cqy+OV2OlkuWYFxEpah7WZhWNWJWadJCsVWQ4KW2TaY00pyEuX01k9z3A2pCahIS:8+OV2oFVh7WZhWMCsveEpcR9zjpCKn
                                                                                                                                                                                                                              MD5:4A3342BCE6B58EF810E804F1C5915E40
                                                                                                                                                                                                                              SHA1:FE636CCA0A57E92BB27E0F76075110981D3B3639
                                                                                                                                                                                                                              SHA-256:2509179079A598B3E5DFD856D8E03E45DE7379C628901DBD869EC4332DDB618C
                                                                                                                                                                                                                              SHA-512:F0C626F88F016C17FA45EA62441DD862A9575666EC06734F61D8E153C5F46A016FE1D9271293A8E29AFBD167F7A381E3EE04CB413736BC224AC31E0FE760341C
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):26168
                                                                                                                                                                                                                              Entropy (8bit):5.274613783530853
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:7CV5yguNvZ5VQgx3SbwA71IkFhmwEpw9z8Eb:A5yguNvZ5VQgx3SbwA71IyVEp4z5
                                                                                                                                                                                                                              MD5:2E657FE299572EACDAC67F4B9F603857
                                                                                                                                                                                                                              SHA1:EB4FBC0147D4DF5D4EF81953BC1265D505A19297
                                                                                                                                                                                                                              SHA-256:EC3C2BFF10B9469AC9C6ED109307731A1A4694FB54856DDD082A2FFD3CC34DF2
                                                                                                                                                                                                                              SHA-512:EE3899584ECECE342ACCBD73D681358CFE8B4FD2ED07CF3034B14F3D04E3B03E5D6D041A0AFCB0B2B2B5AFAC118032317B5ECA00D11F7703D9D0DAE0E3AC38F7
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):5.236019047489365
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:AlhwDiWZhWgWJWadJCsVWQ4KWIq4nzY00pyEuX01k9z3A2pCa0Il:yWZhWtCsDxzEpcR9zjpC2
                                                                                                                                                                                                                              MD5:9BC895E2CC140E168FA55372FCE8682B
                                                                                                                                                                                                                              SHA1:579D71E19331625DDA84BAA9D8B81DD3BAFC9913
                                                                                                                                                                                                                              SHA-256:287F80B2B330CC5F9FDF47DE50B189993CE925B5E2B7A6DA5CDAEF9C7D5F36C1
                                                                                                                                                                                                                              SHA-512:DE0E5C6F9656106FCF2443D863D26C4B16BBB5B40E676199F9C459BE02B4837A2D32BDDDA82543EB2E0BF14A27EDEA7F5D506914DA8D63DA77ED7CCD2204AA65
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):4.794932075714544
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:y/fHQdu3WZhWKWJWadJCsVWQ4KWbyg8Y00pyEuX01k9z3A2pCaFIpM:y/f5WZhWnCsmyg8EpcR9zjpCxM
                                                                                                                                                                                                                              MD5:4653DA8959B7FE33D32E61E472507D54
                                                                                                                                                                                                                              SHA1:6D071B52F40DC609F40989B3DD0FB53124607DF8
                                                                                                                                                                                                                              SHA-256:B7E186A946119791E42F17E623732E23F864F98B592C41D95B3DA0532EA9D5F3
                                                                                                                                                                                                                              SHA-512:81E17CF4B64ED5EFBA191D35B1877384544557C3001EFA0321A755A35413740AE66E39E39F573D3184EF8C893C739A74D37F170FE540F81177A83B44BC18BA6D
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1029627
                                                                                                                                                                                                                              Entropy (8bit):5.501988597633617
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24576:fhidb8tosQNRs54PK4IMiVw59bfCEzX2TBEx7gR32Dq:fhidb8tosQNRs54PK4I29OTBA7iKq
                                                                                                                                                                                                                              MD5:BF8C0D4A45F2C849F32485A563ECBF6F
                                                                                                                                                                                                                              SHA1:463617160DCB24C679C40A53B5A89B8B199B1708
                                                                                                                                                                                                                              SHA-256:0365E936E50D48B88DB4630735ED6D4D8A57FC933CAB533C36CA1267213E8B14
                                                                                                                                                                                                                              SHA-512:01FC89A4BDCFCA4532930A58A02639151DBBAE0EF751D75ADCE258741CD09F3DA1625C8769856C0CCCB2DC8A4F2A713035F00792B3FB2DACB454BAE35CCCD528
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):304128
                                                                                                                                                                                                                              Entropy (8bit):6.439270025490856
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6144:YotX4Kpgfhnyu9Bkio/5hV+6gSa/AUJed:YcXlOAuDkioBj+Md
                                                                                                                                                                                                                              MD5:C00C889C86F1953954B15D59FB93F888
                                                                                                                                                                                                                              SHA1:C642CB2C0A198999E1E8C22D0D5A329475B2D95F
                                                                                                                                                                                                                              SHA-256:93477D20C0BF0235B0287FB8274F563EDE810838154C4EF841B3388B3BE6387B
                                                                                                                                                                                                                              SHA-512:0EA1532C13302FD85707E7E33DB5A0E35C407EAAFC7CF5CC2DB6C0662A940C32D9925CFCBE385475883D2F1706EA4CADBAE65A9E4F857A963CC9E638E7F6B823
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):291528
                                                                                                                                                                                                                              Entropy (8bit):6.047650375646611
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5NP:QWb/TRJLWURrI5RWavdF0J
                                                                                                                                                                                                                              MD5:181AC9A809B1A8F1BC39C1C5C777CF2A
                                                                                                                                                                                                                              SHA1:9341E715CEA2E6207329E7034365749FCA1F37DC
                                                                                                                                                                                                                              SHA-256:488BA960602BF07CC63F4EF7AEC108692FEC41820FC3328A8E3F3DE038149AEE
                                                                                                                                                                                                                              SHA-512:E19A92B94AEDCF1282B3EF561BD471EA19ED361334092C55D72425F9183EBD1D30A619E493841B6F75C629F26F28DC682960977941B486C59475F21CF86FFF85
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):10752
                                                                                                                                                                                                                              Entropy (8bit):4.672271015164389
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:IdCh72HzA5iJGhU2Y0hQMsQJCUCLsZEA4elh2XQMtCFQHq0fcX6g8cim1qeSju1:Im2HzzU2bRYoeuHncqgvimoe
                                                                                                                                                                                                                              MD5:38105DF780EDDD734027328E0DCA0CA3
                                                                                                                                                                                                                              SHA1:45F1D9E3472478F8E1BA86675F5C81C00B183BEA
                                                                                                                                                                                                                              SHA-256:9512896233D2119E78E2E1FCFD83643B2BE2B427F08D16FC568FE98B9D4913CB
                                                                                                                                                                                                                              SHA-512:BA2A05C236CE47D87888F618BE2B23532D0D882578707B07AE220A96883B468F7088A19EBBE3BAC2ADF4035DA6B7EE6FA9E57B620E2BC67B28E54CD969D6BBB3
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):118784
                                                                                                                                                                                                                              Entropy (8bit):5.878471536699278
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:fwyXU0GUUIB37Jy/TcqxcBpAFbbC6CpmZ48q:YUqxEqCfEZpq
                                                                                                                                                                                                                              MD5:073F09E1EDF5EC4173CE2DE1121B9DD1
                                                                                                                                                                                                                              SHA1:6CDB2559A1B706446CDD993E6FD680095E119B2E
                                                                                                                                                                                                                              SHA-256:7412969BFE1BCA38BBB25BAB02B54506A05015A4944B54953FCFDB179EC3F13C
                                                                                                                                                                                                                              SHA-512:70A1A766001EC78A5FCE7EADF6CAE07F11B3CA6B08115E130C77D024524879577CCAB263C596102102B1569933C601592FBB5EE07C7DB123BB850965EF8E8E96
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4
                                                                                                                                                                                                                              Entropy (8bit):1.5
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:Mn:M
                                                                                                                                                                                                                              MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                              SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                              SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                              SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:pip.
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):323
                                                                                                                                                                                                                              Entropy (8bit):4.554768229532207
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:h9Co8FyQjkDYc5tWreLBF/pn2mHr2DASvUSBT5+FL8tjivzn:h9aVM/mrGzRsvUSBT5+J8li7n
                                                                                                                                                                                                                              MD5:BF405A8056A6647E7D077B0E7BC36ABA
                                                                                                                                                                                                                              SHA1:36C43938EFD5C62DDEC283557007E4BDFB4E0797
                                                                                                                                                                                                                              SHA-256:43DAD2CC752AB721CD9A9F36ECE70FB53AB7713551F2D3D8694D8E8C5A06D6E2
                                                                                                                                                                                                                              SHA-512:16590110B2F659D9C131B2093E05D30919A67368154305DCFE8D54FB88525F49F9F9F385A77BA5BCBEA8092061011D72B1BCC65CDC784BCFDDE10CE4DCE5586F
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses...The code used in the OS random engine is derived from CPython, and is licensed.under the terms of the PSF License Agreement..
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):11360
                                                                                                                                                                                                                              Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                                              MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                                              SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                                              SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                                              SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1532
                                                                                                                                                                                                                              Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                                              MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                                              SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                                              SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                                              SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2415
                                                                                                                                                                                                                              Entropy (8bit):5.015031803022437
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:xUXyp7TEJzIXFCPXB/XF/gwHsV3XF2iDaGkiCXF1u0A2s/8AMUiioTqNyPhIXF+v:KXG3EJ0EPX9rsV3ZdkZ8oAShTkyZIYAw
                                                                                                                                                                                                                              MD5:43C37D21E1DBAD10CDDCD150BA2C0595
                                                                                                                                                                                                                              SHA1:ACF6B1628B04FE43A99071223CDBD7B66691C264
                                                                                                                                                                                                                              SHA-256:693EC0A662B39F995A4F252B03A6222945470C1B6F12CA02918E4EFE0DF64B9F
                                                                                                                                                                                                                              SHA-512:96D7C63AD24F7543599F0FED919948E486B35D01694BE02D980A8BA3D2A8B5A0E42341D940841D3528F56F09A582D32B3E81DED44BB3AAD1874C92650CB08129
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:1. This LICENSE AGREEMENT is between the Python Software Foundation ("PSF"), and. the Individual or Organization ("Licensee") accessing and otherwise using Python. 2.7.12 software in source or binary form and its associated documentation...2. Subject to the terms and conditions of this License Agreement, PSF hereby. grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce,. analyze, test, perform and/or display publicly, prepare derivative works,. distribute, and otherwise use Python 2.7.12 alone or in any derivative. version, provided, however, that PSF's License Agreement and PSF's notice of. copyright, i.e., "Copyright . 2001-2016 Python Software Foundation; All Rights. Reserved" are retained in Python 2.7.12 alone or in any derivative version. prepared by Licensee...3. In the event Licensee prepares a derivative work that is based on or. incorporates Python 2.7.12 or any part thereof, and wants to make the. derivative work available to ot
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):5068
                                                                                                                                                                                                                              Entropy (8bit):5.076339504081192
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:DDKVZ4WQIUQIhQIKQILbQIRIaMmPktxsx/1A0ivAEYaCjF04rpklE2jQech5mjvj:0acPuPXs/u0ivAEYaCjF04rpklE2jE03
                                                                                                                                                                                                                              MD5:6723294F406FC0A1E70892680472A8E1
                                                                                                                                                                                                                              SHA1:18802D07F5E3C416BD27B204AF13EE08316E0C4A
                                                                                                                                                                                                                              SHA-256:CFB2C2C8067495438DC92FD335B51A04584A01283FCDDB6E4B03859049BEA2C6
                                                                                                                                                                                                                              SHA-512:97DBDFF77AE87E5AED7A680668F9E8FB4A1FF5F3A7CB290E064896DF99ED2954E5D69433C605EAF97BE44D980FC4564C10A39176650BA4CBCE37FBCA0E22BE92
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:Metadata-Version: 2.1.Name: cryptography.Version: 3.4.8.Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers..Home-page: https://github.com/pyca/cryptography.Author: The Python Cryptographic Authority and individual contributors.Author-email: cryptography-dev@python.org.License: BSD or Apache License, Version 2.0.Platform: UNKNOWN.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language ::
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:CSV text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):16213
                                                                                                                                                                                                                              Entropy (8bit):5.517159774741598
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:NUXaxfEhrvJzrPMOOZWGmAufMdpdNT2UbycOpCNOvUfomBN:NUKxfEhrvJzbI2kF/N
                                                                                                                                                                                                                              MD5:B7B9537DB89E17783D25AFB4EC15F462
                                                                                                                                                                                                                              SHA1:77B37400EE0F3751C9BED57C2B3BB38F0F801FE2
                                                                                                                                                                                                                              SHA-256:771938223E14E33E82D4D16D8D4FA873D196C164CBEF5ECBADED8C5EE2A59DAC
                                                                                                                                                                                                                              SHA-512:8DF93B200B10A55549BB04ABED1AECCCD4952FFFE829C3F90097602125B425C5E5812077DD3CC9F993E3FE02AC887C046AE06A345471419E77AC14F2A757EAB9
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:cryptography-3.4.8.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-3.4.8.dist-info/LICENSE,sha256=Q9rSzHUqtyHNmp827OcPtTq3cTVR8tPYaU2OjFoG1uI,323..cryptography-3.4.8.dist-info/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-3.4.8.dist-info/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography-3.4.8.dist-info/LICENSE.PSF,sha256=aT7ApmKzn5laTyUrA6YiKUVHDBtvEsoCkY5O_g32S58,2415..cryptography-3.4.8.dist-info/METADATA,sha256=z7LCyAZ0lUONyS_TNbUaBFhKASg_zdtuSwOFkEm-osY,5068..cryptography-3.4.8.dist-info/RECORD,,..cryptography-3.4.8.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-3.4.8.dist-info/WHEEL,sha256=g0Gp_9X_YiwOuaF1hZMQNaS1qKUg2WIXRJjlZWggGSw,100..cryptography-3.4.8.dist-info/top_level.txt,sha256=rR2wh6A6juD02TBZNJqqonh8x9UP9Sa5Z9Hl1pCPCiM,31..cryptography/__about__.py,sha256=Gma4uMyERDaqXMloHsN56Lo-XunkiH9-joZKZJPG5a8,805..cryptography/__ini
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):100
                                                                                                                                                                                                                              Entropy (8bit):4.992787665793268
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:RtEeX7MWcSlViYHgP+tkKc5vKQLn:RtBMwlViYAWK/SQLn
                                                                                                                                                                                                                              MD5:81473BB8DD3C8C2FAB84DF8D7FE8E9FB
                                                                                                                                                                                                                              SHA1:F91348D2BD8A4A48F331C55ED939AA964C2503E1
                                                                                                                                                                                                                              SHA-256:8341A9FFD5FF622C0EB9A17585931035A4B5A8A520D962174498E5656820192C
                                                                                                                                                                                                                              SHA-512:C16213B3BEA153A781C3EBD1741CA34865F6240A7AA1F9DBF73F9D0C7D7FBAF2545EDAF9CEEA89C287725273EC5F744FF7FFEC073121EFDE3E7783671129301A
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.37.0).Root-Is-Purelib: false.Tag: cp36-abi3-win_amd64..
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):31
                                                                                                                                                                                                                              Entropy (8bit):3.962103165155795
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:DA1JjBHvAYuOv:DUOev
                                                                                                                                                                                                                              MD5:62246E29EB9A005B743A15C18FE944DD
                                                                                                                                                                                                                              SHA1:10A5E354DAA692FF714D3C49BED348ABD8A485C7
                                                                                                                                                                                                                              SHA-256:AD1DB087A03A8EE0F4D93059349AAAA2787CC7D50FF526B967D1E5D6908F0A23
                                                                                                                                                                                                                              SHA-512:F16FDA3B0A05A1B5F7D8F63E8A223B27CA4689F559D4A00357E129ECB24AD3E8B4519A70D59919DE8D93ADC8AD3B0EAF05192E3D18CE876D7DCA13ED498A0FCC
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:_openssl._padding.cryptography.
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):3120128
                                                                                                                                                                                                                              Entropy (8bit):6.664100235549327
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:49152:FMVwASOyGtlql4IU6iAc1vdDP4GKJmhpdmdYTKugTt2mPTUT42Nr:JH+r1vphSaTm2QUT42l
                                                                                                                                                                                                                              MD5:40646757F855E446AE37FEC76DE99A92
                                                                                                                                                                                                                              SHA1:7013F6F293FF8DF18558147C7D05F7D453FAF447
                                                                                                                                                                                                                              SHA-256:68F036B96D1BF85C5BB7BD15DF187E1BA3A848B2ABCF04FE5D2598CDEE13DCF0
                                                                                                                                                                                                                              SHA-512:A25F689C85B9E19F6AA9E1CD10CB414D38CAB79BA476E52756F7D3879895DE225457D94384B7DFD4754C2A0753D7FF258B7DA52A829568BA6C8E9F2BB96D9FDE
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):3399200
                                                                                                                                                                                                                              Entropy (8bit):6.094152840203032
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:98304:R3+YyRoAK2rXHsoz5O8M1CPwDv3uFh+r:t9yWAK2zsozZM1CPwDv3uFh+r
                                                                                                                                                                                                                              MD5:CC4CBF715966CDCAD95A1E6C95592B3D
                                                                                                                                                                                                                              SHA1:D5873FEA9C084BCC753D1C93B2D0716257BEA7C3
                                                                                                                                                                                                                              SHA-256:594303E2CE6A4A02439054C84592791BF4AB0B7C12E9BBDB4B040E27251521F1
                                                                                                                                                                                                                              SHA-512:3B5AF9FBBC915D172648C2B0B513B5D2151F940CCF54C23148CD303E6660395F180981B148202BEF76F5209ACC53B8953B1CB067546F90389A6AA300C1FBE477
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):32792
                                                                                                                                                                                                                              Entropy (8bit):6.3566777719925565
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
                                                                                                                                                                                                                              MD5:EEF7981412BE8EA459064D3090F4B3AA
                                                                                                                                                                                                                              SHA1:C60DA4830CE27AFC234B3C3014C583F7F0A5A925
                                                                                                                                                                                                                              SHA-256:F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
                                                                                                                                                                                                                              SHA-512:DC9FF4202F74A13CA9949A123DFF4C0223DA969F49E9348FEAF93DA4470F7BE82CFA1D392566EAAA836D77DDE7193FED15A8395509F72A0E9F97C66C0A096016
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):689184
                                                                                                                                                                                                                              Entropy (8bit):5.526574117413294
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12288:1SurcFFRd4l6NCNH98PikxqceDotbA/nJspatQM5eJpAJfeMw4o8s6U2lvz:1KWZH98PiRLsAtf8AmMHogU2lvz
                                                                                                                                                                                                                              MD5:BC778F33480148EFA5D62B2EC85AAA7D
                                                                                                                                                                                                                              SHA1:B1EC87CBD8BC4398C6EBB26549961C8AAB53D855
                                                                                                                                                                                                                              SHA-256:9D4CF1C03629F92662FC8D7E3F1094A7FC93CB41634994464B853DF8036AF843
                                                                                                                                                                                                                              SHA-512:80C1DD9D0179E6CC5F33EB62D05576A350AF78B5170BFDF2ECDA16F1D8C3C2D0E991A5534A113361AE62079FB165FFF2344EFD1B43031F1A7BFDA696552EE173
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):189000
                                                                                                                                                                                                                              Entropy (8bit):6.310516938504568
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:NLSp96+JvGNw61ctOjB5vrNm067VpwiKdF3+6xdvl18UfKIz4qztsOSSnVDNYWum:a97vkw61BB5vrNm0Kj5+vxfKdqfVTum
                                                                                                                                                                                                                              MD5:11A886189EB726D5786926CC09F9E116
                                                                                                                                                                                                                              SHA1:D94295368A1285681FB03BAC0553EB1495D43805
                                                                                                                                                                                                                              SHA-256:DC38BDBE10CFAA99799E0C87AA8444FC062D445B87686D6593FFCA46CC938031
                                                                                                                                                                                                                              SHA-512:405C56487A91AD1209029CA6EA125642076251F0A8C069EEF0E30CE484381DB7BF24D2F5CD74B83D1C8C1358F92F35FA6ED7B75601ACE611CF36BB2331588684
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):58952
                                                                                                                                                                                                                              Entropy (8bit):5.848741332074507
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:FTS99q+0o22ByfbEap+VCBQ53gUiT5pLFdBk4/yFi1nuVwWBjChtFyrUdmd9RSx5:q9xiEAnUvdkdINV0Eyv
                                                                                                                                                                                                                              MD5:9779C701BE8E17867D1D92D470607948
                                                                                                                                                                                                                              SHA1:6AAE834541CCC73D1C87C9F1A12DF4AC0CF9001F
                                                                                                                                                                                                                              SHA-256:59E6421802D30326C1704F15ACC2B2888097241E291ABA4860D1E1FC3D26D4BF
                                                                                                                                                                                                                              SHA-512:4E34BCDD2093347D2B4E5C0F8C25F5D36D54097283FAF5B2BE1C75D717F716D459A45336647D3360457F25417952E62F8F21F5A720204FE5B894D5513E43E782
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4209224
                                                                                                                                                                                                                              Entropy (8bit):6.419196959467616
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:49152:qc3VjUbaXKKpiMo2eArGQgukWACEU05yTTysQHbhAT+JClyqA8qcW2d6RVFiT7PR:Fyw/rkTVElJHXZGU/DH4MbXEF9rQv
                                                                                                                                                                                                                              MD5:1F2688B97F9827F1DE7DFEDB4AD2348C
                                                                                                                                                                                                                              SHA1:A9650970D38E30835336426F704579E87FCFC892
                                                                                                                                                                                                                              SHA-256:169EEB1BDF99ED93CA26453D5CA49339E5AE092662CD94CDE09FBB10046F83FC
                                                                                                                                                                                                                              SHA-512:27E56B2D73226E36B0C473D8EB646813997CBDF955397D0B61FCAE37ED1F2C3715E589F9A07D909A967009ED2C664D14007CCF37D83A7DF7CE2A0FEFCA615503
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):142336
                                                                                                                                                                                                                              Entropy (8bit):6.010139157748554
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:mjbngJOM0WyPQSst/1ZI32yYrrC0P0xsr1praPDe+4KKPu7UJdap:+bgp0BISst/16YrrC0Ju7e1Kuu7UJ
                                                                                                                                                                                                                              MD5:F60DA44A33910EDA70D838D7635D8FB1
                                                                                                                                                                                                                              SHA1:C35B4CF47349888384729386C74C374EDB6F6FF3
                                                                                                                                                                                                                              SHA-256:13934599FF931F97E8EAC6106DC67D54609BEFD0B0E653B46F6C25B18830C572
                                                                                                                                                                                                                              SHA-512:3C57ED384C23C89F99708BDF688EBD28629E84DF8756E7B64DFA8B6E0B52BEEFB0C62DE820F2C72E5679B7632279DCB414A781CFD2C5C9654D09D9DA24FA17B3
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):26696
                                                                                                                                                                                                                              Entropy (8bit):6.083258526295506
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:hGNKrWZwhMHqSa/QtmI0dINqGSWDG4yiJ:hqKrWmhMKSa/QtmI0dINqGXye
                                                                                                                                                                                                                              MD5:A2AB334E18222738DCB05BF820725938
                                                                                                                                                                                                                              SHA1:2F75455A471F95AC814B8E4560A023034480B7B5
                                                                                                                                                                                                                              SHA-256:7BA95624370216795EA4A087C326422CFCBCCC42B5ADA21F4D85C532C71AFAD7
                                                                                                                                                                                                                              SHA-512:72E891D1C7E5EA44A569283B5C8BD8C310F2EE3D3CC9C25C6A7D7D77A62CB301C822C833B0792C3163CF0B0D6272DA2F667E6BC74B07ED7946082433F77D9679
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1122768
                                                                                                                                                                                                                              Entropy (8bit):6.6466118295886165
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24576:CJG2BrB3ZQAq0AT2jS9HKHdK6AccMs1wmxvSZX0ypFi:0VGrT6SAk3ei
                                                                                                                                                                                                                              MD5:3B337C2D41069B0A1E43E30F891C3813
                                                                                                                                                                                                                              SHA1:EBEE2827B5CB153CBBB51C9718DA1549FA80FC5C
                                                                                                                                                                                                                              SHA-256:C04DAEBA7E7C4B711D33993AB4C51A2E087F98F4211AEA0DCB3A216656BA0AB7
                                                                                                                                                                                                                              SHA-512:FDB3012A71221447B35757ED2BDCA6ED1F8833B2F81D03AABEBD2CD7780A33A9C3D816535D03C5C3EDD5AAF11D91156842B380E2A63135E3C7F87193AD211499
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1096264
                                                                                                                                                                                                                              Entropy (8bit):5.342861808860828
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12288:reQqQOZ6K191SnFRFotduNdBjCmN/XlyCAx9++bBlhJk93cgewrxEeBpl8:reQGn4oghCc/+9nbDhG2wrxpl8
                                                                                                                                                                                                                              MD5:549C9EEDA8546CD32D0713C723ABD12A
                                                                                                                                                                                                                              SHA1:F84B2C529CFF58B888CC99F566FCD2EBA6FF2B8E
                                                                                                                                                                                                                              SHA-256:5D5E733397EF7C4946CF26C84B07312CB12EAF339374613D4381E694EF38169B
                                                                                                                                                                                                                              SHA-512:9432DAF045BAC3E322B1797F49AFE50F76FAF8B7D8DB063A1D56578016C813881AF3324E2529032A8644A04B58CCC9D2C363BF92B56115F06B9EEFEBFAB08180
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):38912
                                                                                                                                                                                                                              Entropy (8bit):5.572930724109382
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:2uFLa14u3wdL8AKlcFcpXIxtOdKlr2Q5uu2x:2uY14uWL8IFcpc2Q5R2
                                                                                                                                                                                                                              MD5:BA0890D7B3CF1A791E2889D74D426ED6
                                                                                                                                                                                                                              SHA1:14E25C625CB14956A788D533E05961564F6B2AA6
                                                                                                                                                                                                                              SHA-256:AE7FDBC07D7C18F865EC91E59913F6845E6147E724064D400197D8E98E88CE03
                                                                                                                                                                                                                              SHA-512:C4989E6DF88AAFE6AEAA0950F7FE23ED77F238DBFA6733425268E208AB071611C6BBC17558D165F45EC9CB41C9B2A2875938550C082AA2802B2DB0FCE910DF81
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):101664
                                                                                                                                                                                                                              Entropy (8bit):6.561877023049057
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:yCKWZGuEK0mOLSTxoPl9GIcuZrxi4hXX9oix8H+9C7ecbGSh9ZR0Fa:yFWY1WxgGStJ8HaC7ecbG2Ga
                                                                                                                                                                                                                              MD5:18571D6663B7D9AC95F2821C203E471F
                                                                                                                                                                                                                              SHA1:3C186018DF04E875D6B9F83521028A21F145E3BE
                                                                                                                                                                                                                              SHA-256:0B040A314C19FF88F38FD9C89DCA2D493113A6109ADB8525733C3F6627DA888F
                                                                                                                                                                                                                              SHA-512:C8CBCA1072B8CB04F9D82135C91FF6D7A539CB7A488671CECB6B5E2F11A4807F47AD9AF5A87EBEE44984AB71D7C44FC87850F9D04FD2C5019EC1B6A1B483CA21
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):44328
                                                                                                                                                                                                                              Entropy (8bit):6.619269527509389
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:qim/NRETi8kykt25HwviU5fJUiP2551xWmbTqOA7SXfIfy85xM8AT5WrmKWkrWiS:qIe8kySL2iPQxdvjAevMM5vAWtNyjS
                                                                                                                                                                                                                              MD5:A4F89FFC725CCAE3C7BBCB9A0C91302F
                                                                                                                                                                                                                              SHA1:531194DAD6795B3CB50B02501B0856EFA694DD36
                                                                                                                                                                                                                              SHA-256:BBCEA93943F7E28A4D904301FF4BB708ADAEC4CC27800020044085FB838D4E5D
                                                                                                                                                                                                                              SHA-512:C8CE2DCB65CD1FD0A7FFDC1DF0076BE2882BADAC7082B49FF96EC2CA1E944CCAB8699AB28901A895CCA90783CD223434552E366103FB6FCD25D9AD033B95EEDF
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):63560
                                                                                                                                                                                                                              Entropy (8bit):5.8738277266687575
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:ddA7ll/y7vFtIrfKqnXM7KXsssS9ZINsn8ByvK:dUll/WFAfnXMOX5PZINsnNK
                                                                                                                                                                                                                              MD5:7DD62E9903D66377D49D592B6E6DAC82
                                                                                                                                                                                                                              SHA1:2B6BEC5D58CD4A7F0EAA809179461DBDB527D4F7
                                                                                                                                                                                                                              SHA-256:29712C65138FC02208D8575A8EF188D69947464DD0DC2BE53F34C8DA81A82F06
                                                                                                                                                                                                                              SHA-512:9BC8526C6C9EBA3682848277079457BB443A516CDBF3F10D281763A37483E7C6929AFEDDD7D9663E3573DD03665230395CEC7C60EA3F1671DF93628A665822AD
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):86088
                                                                                                                                                                                                                              Entropy (8bit):6.376772954999528
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:i2g2Q9bRpNtjKjhtgc7JV+kwu0D9sl8/PFXPpQBIN4V/y8R:Jg2Qbvo0cV4kwu0D9sK/9XPpQBIN4VJR
                                                                                                                                                                                                                              MD5:FC0D862A854993E0E51C00DEE3EEC777
                                                                                                                                                                                                                              SHA1:20203332C6F7BD51F6A5ACBBC9F677C930D0669D
                                                                                                                                                                                                                              SHA-256:E5DE23DBAC7ECE02566E79B3D1923A8EEAE628925C7FB4B98A443CAD94A06863
                                                                                                                                                                                                                              SHA-512:B3C2ADE15CC196E687E83DD8D21CE88B83C8137A83CFC20BC8F2C8F3AB72643EF7CA08E1DC23DE0695F508BA0080871956303AC30F92AB865F3E4249D4D65C2F
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):177664
                                                                                                                                                                                                                              Entropy (8bit):6.158534074101028
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:8QY/et3+F8qiO1dmSzbo0+tMv5J5S7wbSTLLKCR8LpA:xwEuF8qXsSzESxThbSTLeCOLp
                                                                                                                                                                                                                              MD5:4173EC9FE8F83845BBAF61D8C313A30A
                                                                                                                                                                                                                              SHA1:D0A6095964150230EDE434506E167F1DEE731296
                                                                                                                                                                                                                              SHA-256:3DF50B1E9FADC6D006C712D2A80A96AE0A286EFD82F9A4160439C75D2BE4D7B4
                                                                                                                                                                                                                              SHA-512:17C6E083CAFB7D6B6DCFAD4960F04E3754A5C0D1AE70F1AE8B91421C4AFCBE32D44611FEC29D295A36573007674510AF9992DAA3057548EFFCCCA772602FA435
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):126024
                                                                                                                                                                                                                              Entropy (8bit):5.9027294934540775
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:97uYeVDxa+yVfZgV2JjtiAEUBfeT0jJRZBFU8RdINVPS:9K383gIj/feTgJRX
                                                                                                                                                                                                                              MD5:8ADB1345C717E575E6614E163EB62328
                                                                                                                                                                                                                              SHA1:F1EE3FFF6E06DC4F22A5EB38C09C54580880E0A3
                                                                                                                                                                                                                              SHA-256:65EDC348DB42347570578B979151B787CEEBFC98E0372C28116CC229494A78A8
                                                                                                                                                                                                                              SHA-512:0F11673854327FD2FCD12838F54C080EDC4D40E4BCB50C413FE3F823056D189636DC661EA79207163F966719BF0815E1FFA75E2FB676DF4E56ED6321F1FF6CAE
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):266824
                                                                                                                                                                                                                              Entropy (8bit):6.520816772363595
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6144:mYXkBpKJU7vSJL9cu4eSOolgjozIQk9qWMa3pLW1AG4visa2OGuQaN:oBpKJGSpslDsQ+Ju5N
                                                                                                                                                                                                                              MD5:49B8CD4D750FE59ADFB1CF8252C3EFE0
                                                                                                                                                                                                                              SHA1:01F6E81B46F417233262DF5282E233FDAD369686
                                                                                                                                                                                                                              SHA-256:0AF14298B022D615FC12DE4034068985928FE6B7AB6BAE3F5BE3A8ADAD379074
                                                                                                                                                                                                                              SHA-512:EEA62D90D09502EB1ED425DD7C43355356C94F35740B78469DB6D74B7C362ECEC01806B1E1071BB741D68391996F8960B4642E98831525EE2886867D202CD07C
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):46152
                                                                                                                                                                                                                              Entropy (8bit):5.9492510690836475
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:4OUT3iMTYwbDU5496lvj3UEPKhievaZoZINsIm0WDG4yHo:4OrBwbDQdjEphfvCoZINsImhyHo
                                                                                                                                                                                                                              MD5:5FA7C9D5E6068718C6010BBEB18FBEB3
                                                                                                                                                                                                                              SHA1:93E8875D6D0F943B4226E25452C2C7D63D22B790
                                                                                                                                                                                                                              SHA-256:2E98F91087F56DFDFFBBDD951CD55CD7EA771CEC93D59CADB86B964ED8708155
                                                                                                                                                                                                                              SHA-512:3104AA8B785740DC6A5261C27B2BDC6E14B2F37862FA0FBA151B1BC1BFC0E5FB5B6934B95488FA47C5AF3FC2B2283F333FF6517B6F8CF0437C52CF171DA58BF5
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):162376
                                                                                                                                                                                                                              Entropy (8bit):6.760133023586482
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:DfVedVAw2nIhmc8sWOwPhE8qENIawGWp1ZB4Vzxznfo9mNoF32YIUVbFBINH1d:DfVedVYnWmS9we8G9ZB4DwYOFZIUzU
                                                                                                                                                                                                                              MD5:60E215BB78FB9A40352980F4DE818814
                                                                                                                                                                                                                              SHA1:FF750858C3352081514E2AE0D200F3B8C3D40096
                                                                                                                                                                                                                              SHA-256:C4D00582DEE45841747B07B91A3E46E55AF79E6518EC9F0CE59B989C0ACD2806
                                                                                                                                                                                                                              SHA-512:398A441DE98963873417DA6352413D080620FAF2AE4B99425D7C9EAF96D5F2FDF1358E21F16870BDFF514452115266A58EE3C6783611F037957BFA4BCEC34230
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):29256
                                                                                                                                                                                                                              Entropy (8bit):5.9682801135376815
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:oQybRGaX9IGnrQa4qtpj4Y54JP7gR0478sn5pINkBLpXSnYPLxDG4y8RG4:oD8qCG0aZcJDux35pINktpiWDG4ys
                                                                                                                                                                                                                              MD5:E322BEF009567F51A5B50580EA358B84
                                                                                                                                                                                                                              SHA1:8518BCF80EBC1A7359EC924C7D246748EC3B0B08
                                                                                                                                                                                                                              SHA-256:AC50CDC428714DD5F411CA45AA1196E99075755B4719D17B2929E94C5E868AEF
                                                                                                                                                                                                                              SHA-512:3970106FA397B7B5F2C354E9A433AA50164A742296D102C94111F00F60972295E426486016341D180FDA05532E7CD5F753F9FDBAD158E9759FE55EBE5EFBC2D2
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):45640
                                                                                                                                                                                                                              Entropy (8bit):6.029273550521059
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:GjJDGL+xD1jf2SnI1KseKVoYWE50vnIBkBovVINJtKkWDG4yR7:GjJ6+2CI1KJ20vnIBJvVINJtKRyJ
                                                                                                                                                                                                                              MD5:DA51560431C584706D9A9E3E40E82CFE
                                                                                                                                                                                                                              SHA1:E60C22A05FD6A34C95F46DC17292F8C4D5E8C332
                                                                                                                                                                                                                              SHA-256:EF1BB6ABEDC9A6E156ECA16AA53E836948DEB224CDC0C5FC05E7816F860C38A9
                                                                                                                                                                                                                              SHA-512:555AA6FD084B0675D629BF79711C91899D178735E4B1B9F9AC4C13D7F01E0A3D8F6436699E37922F04BAFFEF32EFF540EF4BACE6B58E3BAFAFA021DDC12564EB
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):28232
                                                                                                                                                                                                                              Entropy (8bit):6.026784322519284
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:5fzd3kPmXE/K/15JGsNi6rDcDRmOnx+cECdINqUTnYPLxDG4y8RGF9uE:V7XE/KLJa6rDaRm4DdINqUTWDG4yF9uE
                                                                                                                                                                                                                              MD5:1FC2C6B80936EFC502BFC30FC24CAA56
                                                                                                                                                                                                                              SHA1:4E5B26FF3B225906C2B9E39E0F06126CFC43A257
                                                                                                                                                                                                                              SHA-256:9C47A3B84012837C60B7FECED86ED0A4F12910A85FD259A4483A48CD940E3514
                                                                                                                                                                                                                              SHA-512:D07655D78ACA969CCC0D7CEDF9E337C7B20082D80BE1D90D69C42BE933FBAB1C828316D2EB5461DED2FF35E52762E249FC0C2BCCBC2B8436488FB6A270D3D9EE
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):78920
                                                                                                                                                                                                                              Entropy (8bit):6.068138139328106
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:SKmx5snrlAdD68Asd9/s+7+pIlxRjDzrdINVwayv:JmxqnBwAsd9/se+pIxRPzrdINVw1
                                                                                                                                                                                                                              MD5:1D53841BB21ACDCC8742828C3ADED891
                                                                                                                                                                                                                              SHA1:CDF15D4815820571684C1F720D0CBA24129E79C8
                                                                                                                                                                                                                              SHA-256:AB13258C6DA2C26C4DCA7239FF4360CA9166EA8F53BB8CC08D2C7476CAB7D61B
                                                                                                                                                                                                                              SHA-512:0266BCBCD7CA5F6C9DF8DBEEA00E1275932DACC38E5DD83A47BFBB87F7CA6778458A6671D8B84A63AE9216A65975DA656BA487AC28D41140122F46D0174FA9F9
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):153672
                                                                                                                                                                                                                              Entropy (8bit):5.895447412110481
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:HlO4VRd4tXxAhr2uVk/Zytv7OazgnBYi5qTEVfa+MuUqZBIN47+:FD4tXyZ2AQytCazgatqZS
                                                                                                                                                                                                                              MD5:84DEA8D0ACCE4A707B094A3627B62EAB
                                                                                                                                                                                                                              SHA1:D45DDA99466AB08CC922E828729D0840AE2DDC18
                                                                                                                                                                                                                              SHA-256:DCF6B3FF84B55C3859D0F176C4CE6904C0D7D4643A657B817C6322933DBF82F6
                                                                                                                                                                                                                              SHA-512:FDAA7EB10F8BF7B42A5C9691F600EFF48190041A8B28A5DAB977170DB717FFF58DD0F64B02CA30D274552FF30EE02A6577F1465792CF6760366C2588BF373108
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):4.729352106249244
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:+zOGWZhWsWJWadJCsVWQ4OW4f/hHssDX01k9z3AHQH4i/vN:+zBWZhWZCsFf/FDR9zcQvv
                                                                                                                                                                                                                              MD5:4A8F3A1847F216B8AC3E6B53BC20BD81
                                                                                                                                                                                                                              SHA1:F5AADC1399A9DA38087DF52E509D919D743E3EA7
                                                                                                                                                                                                                              SHA-256:29B7D786D9F421765A4F4904F79605C41E17C0A24D7F91E44C0B7B0DEA489FC3
                                                                                                                                                                                                                              SHA-512:E70D2B719517C413FA967CA1A8D224299AF55D988B3CC28013AAA3677660FAE9ECB6F858D31C08CD8A0888F932AF1384F0EAA928C002200F0710C2D5BDDCED1B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22056
                                                                                                                                                                                                                              Entropy (8bit):4.582853727629458
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:SWZhWpWEXCVWQ4KWgfYXxwVIX01k9z3A2rZ2Co:SWZhWGVWR9zL12j
                                                                                                                                                                                                                              MD5:D7AD8DB12FF42D620A657127DADA1D88
                                                                                                                                                                                                                              SHA1:0CA381C734A3A93DC5F19C58DADFDCA9D1AFCCD8
                                                                                                                                                                                                                              SHA-256:26054D8FEBAB1AACF11AA5CB64055808CD33388A8E77D0B3BCBC7543B0EEA3BD
                                                                                                                                                                                                                              SHA-512:7E2D6B60ADBF97B22AB4B66691E483827D5755CFC6FCB5224369ADA53CBD8CDA43C4694A000EA4B5CEBC69A475B54DF0E9694C20AFD9EC62B4DB7B22241BDC45
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21960
                                                                                                                                                                                                                              Entropy (8bit):4.56864151469395
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:JWZhW9VWJWadJCsVWQ4mWJfTBm+0U8X01k9z3Ar+bP:JWZhWiCsofTBmo8R9zY+P
                                                                                                                                                                                                                              MD5:C68A86C180FF1FCAC90D1DA9A08179C1
                                                                                                                                                                                                                              SHA1:C287951441C957931DC4EBBEE4DC9426A4501554
                                                                                                                                                                                                                              SHA-256:2C91C4861E88C92693A1B145EBE2F69FFB90797CD42061E2D84F3D7FC009A941
                                                                                                                                                                                                                              SHA-512:857FBF9852596EF7263D8FAF970128487413C859246F58B15CEC32D11576894C47211A3BD9005F86C2A28FA6B67FBA96831C4953C0FA24E2373A6DAECB85E121
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):4.635214855201274
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:hPmxD3jPWZhWUzWJWadJCsVWQ4KW8xwVIX01k9z3A2rEUOdu:hPAPWZhWUqCsLR9zLANA
                                                                                                                                                                                                                              MD5:A17FF429442D4E5298F0FAF95950A77D
                                                                                                                                                                                                                              SHA1:522A365DAD26BEDC2BFE48164DC63C2C37C993C3
                                                                                                                                                                                                                              SHA-256:8E9D1D206DA69DA744D77F730233344EBE7C2A392550511698A79CE2D9180B41
                                                                                                                                                                                                                              SHA-512:7D4E31251C171B90A0C533718655C98D8737FF220BCC43F893FF42C57AB43D82E6BD13FA94DEF5BB4205CAEC68DC8178D6B2A25AD819689F25DAD01BE544D5AC
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22056
                                                                                                                                                                                                                              Entropy (8bit):4.5745435750793515
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:NyWZhWPWEXCVWQ4OW+shHssDX01k9z3AHQHBhuWC:QWZhWEnsFDR9zcQk
                                                                                                                                                                                                                              MD5:73DD550364215163EA9EDB537E6B3714
                                                                                                                                                                                                                              SHA1:C24FCADFEE877D5402E2B4F8518C4F5F4A2CE4B4
                                                                                                                                                                                                                              SHA-256:0235C78780EFF0BD34FCE01D1C366E5E5936EA361676CB9711A4CFFF747D457A
                                                                                                                                                                                                                              SHA-512:2406D9D44D3ED86A95248B25CF574E0C06533CD916048A2FACD68F4DB48E49E8E8CE1917091BCFB273D0ACC210697CEB659930C896E51464C300EC06476D8CC2
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):26152
                                                                                                                                                                                                                              Entropy (8bit):4.87194572901717
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:1whDPvVr8rFTsKWZhWgWEXCVWQ4KWiOcADB6ZX01k9z3AT2s7u:WJPvVrQWZhW7KcTR9zW2s6
                                                                                                                                                                                                                              MD5:ECEE1B7DA6539C233E8DEC78BFC8E1F9
                                                                                                                                                                                                                              SHA1:052BA049F6D8CD5579E01C9E2F85414B15E6CBF8
                                                                                                                                                                                                                              SHA-256:249D7CD1C87738F87458B95ACE4AB8F87B0DE99EEEFB796F6B86CBA889D49B2C
                                                                                                                                                                                                                              SHA-512:EA21FE20336B8170B2A8CD13DF217E9EE87AA1D2B0BA476BEE2A97C3FCE57648C9AB664B9BA895D5BBBCD119F2BB6633BEDC85DAFBD7BF6853AA48B168A927F4
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22056
                                                                                                                                                                                                                              Entropy (8bit):4.608548224344036
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:u7xmWZhWlWEXCVWQ4KWs8HjKDUX01k9z3AmaS+5:u1mWZhWSYpR9zX78
                                                                                                                                                                                                                              MD5:3473BC217562594B5B126D7AEB9380E9
                                                                                                                                                                                                                              SHA1:B551B9D9AA80BE070F577376E484610E01C5171A
                                                                                                                                                                                                                              SHA-256:0D8190FD619FEB20DF123931108D499132F7051F1EBB0EF246082F4C52C88B22
                                                                                                                                                                                                                              SHA-512:036B93457ADE632AD68264D81FF26EE1156038E234C606882386D6BABCBE722A18E9CED1655F97CAECAF5FD514E261DAFE999A3E9FEC00CC677E177F0BF8E203
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):20960
                                                                                                                                                                                                                              Entropy (8bit):4.41968362445382
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:lC+WvhWRWYnO/VWQ4SWHvD480Hy5qnajsBkffy2:4+WvhWRUGEslECl
                                                                                                                                                                                                                              MD5:50ABF0A7EE67F00F247BADA185A7661C
                                                                                                                                                                                                                              SHA1:0CDDAC9AC4DB3BF10A11D4B79085EF9CB3FB84A1
                                                                                                                                                                                                                              SHA-256:F957A4C261506484B53534A9BE8931C02EC1A349B3F431A858F8215CECFEC3F7
                                                                                                                                                                                                                              SHA-512:C2694BB5D103BAFF1264926A04D2F0FE156B8815A23C3748412A81CC307B71A9236A0E974B5549321014065E393D10228A0F0004DF9BA677F03B5D244A64B528
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):4.612550828747309
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:/JWZhWdWJWadJCsVWQ4OWHhNy9hHssDX01k9z3AHQHXJw:/JWZhW8CsEh6FDR9zcQ5
                                                                                                                                                                                                                              MD5:53B1BEEE348FF035FEF099922D69D588
                                                                                                                                                                                                                              SHA1:7BC23B19568E2683641116F770773F8BCF03376B
                                                                                                                                                                                                                              SHA-256:3A52229BF8A9DF9F69A450F1ED7AFC0D813D478D148C20F88EC4169D19B0D592
                                                                                                                                                                                                                              SHA-512:85C7FFA63483D69870CD69BF40E2B4EA5992D6B82607EE9BFC354C3BD5079E18CFE2CA0BCAA2FE493B42226F4A8097737116EA023823CE3EF177596DD80EDCDB
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22056
                                                                                                                                                                                                                              Entropy (8bit):4.721465362736704
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:gIxlyWZhW6WEXCVWQ4KW3YfyttuX01k9z3AwQoz/fI:gIxlyWZhWtMSR9zVQE4
                                                                                                                                                                                                                              MD5:5846D53AC41102BB6F7E1F78717FEA7F
                                                                                                                                                                                                                              SHA1:72254F1B93F17C2C6921179C31CD19B1B4C5292D
                                                                                                                                                                                                                              SHA-256:059DFA16C1BBE5FF3A4B5443BA5E7AD1D41E392A873B09CFEF787020CA3E101F
                                                                                                                                                                                                                              SHA-512:0C29C0F562F1CABD794D8BF7F5CEF0B0213FCF52A71EB254E0122F88C6E03558CB2259CAFF6B46D3B055101EF5422318E48D6C7568CBF2423212B8ED4E8F0F7F
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21944
                                                                                                                                                                                                                              Entropy (8bit):4.620454652680466
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:NHWZhWjWEXCVWQ4iWM0JKxu3O6YX01k9z3AFs5Ks:tWZhWYj0J8R9z2s5Ks
                                                                                                                                                                                                                              MD5:5A1569EFA80FD139B561A9677A661F8A
                                                                                                                                                                                                                              SHA1:FB0C824688E65ED12F52FA961EF3BAE5674F32AF
                                                                                                                                                                                                                              SHA-256:41C1EAF5545109E871ABEF7386AB1ABF9D2DE1762CB4720C945AFA8424858B00
                                                                                                                                                                                                                              SHA-512:1D2594C7F9757A95B41A9E6496F89C81FC96448B32CACB0C10D0DB8C28A95CF33B3AD23348BCD8FB37D82BD72865D3C60944206F2E795686440DE49BBCC39D7E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21960
                                                                                                                                                                                                                              Entropy (8bit):4.842934040846033
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:8TvuBL3BBLMWZhWNWJWadJCsVWQ4iWBRBm+0U8X01k9z3Ar6V2EzVL:8TvuBL3BiWZhWMCsGRBmo8R9zY6V2w
                                                                                                                                                                                                                              MD5:5EB2D8E1B9C9BD462C808F492EF117C2
                                                                                                                                                                                                                              SHA1:60D398EC6E72AB670A2D9EF1B6747387C8DE724E
                                                                                                                                                                                                                              SHA-256:DB85F9AAE6E9A5F1664326FA3FB82FE1002A3053857724D6C8D979A07C1221A1
                                                                                                                                                                                                                              SHA-512:DF0EF770368F153104F828F1C2381BEA9A79E69DEFD43AF53BDD419B7D80144831E0C4CC8695BAEE9F26928F0C4A00FE4837C872313C37BCE1B23E6690A93BDA
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):5.343540756101008
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:/naOMw3zdp3bwjGzue9/0jCRrndb5WZhW4Csq1IH6FDR9zcQ:SOMwBprwjGzue9/0jCRrndbkaSSl9z
                                                                                                                                                                                                                              MD5:0414909B279EA61CA344EDBE8E33E40B
                                                                                                                                                                                                                              SHA1:4ECE0DABE954C43F9BD5032DE76EC29C47B22E10
                                                                                                                                                                                                                              SHA-256:05B0C773A77850F3D50DDB4B82CC4D5F19316FE1AAA65E21B4709AE73F60A28E
                                                                                                                                                                                                                              SHA-512:EDBD33540CD1EF69F2CE824CFB991903EC6E4EDDA815F07D610247594CEEB2EBC78F05A44B4DE8C5C937191B7E8B2EF221423C06DF303D73DEEA721C25D15EED
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):4.7496431210219505
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:E6WZhW2WJWadJCsVWQ4KW7QLxwVIX01k9z3A2rgFl:E6WZhWTCsfR9zLUFl
                                                                                                                                                                                                                              MD5:5E93BF4AA81616285858CA455343B6D3
                                                                                                                                                                                                                              SHA1:8DE55BE56B6520801177F757D9E3235EC88085F7
                                                                                                                                                                                                                              SHA-256:C44EC29A51145281372007D241A2CC15B00D0BACC8ADFAAC61E8E82EFE8EA6A3
                                                                                                                                                                                                                              SHA-512:E6A46DAD1D7125DBAAF9D020100D7EC321620E38FDD1C931AF74E8EC25E841C52555EC9646A895AD4450DE94F70E82E9A237C2895DDFD16769B07CB73AD827E0
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):4.6919844070599135
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:VWZhWo9WJWadJCsVWQ4KWcrY00pyEuX01k9z3A2pCaCI9p8Y:VWZhWTCsnrEpcR9zjpCDY
                                                                                                                                                                                                                              MD5:94FCE2F4B244D3968B75A4A61B2347AB
                                                                                                                                                                                                                              SHA1:C5898AF5FD941C19FCDD949C6B4E2BB090D040D2
                                                                                                                                                                                                                              SHA-256:C513BDC265654D2E9A304423F299FB46953631F0D78AF8C1D397CD58B491475A
                                                                                                                                                                                                                              SHA-512:1AFE1F3A9B803C5758FF24376FE040D856B5CA814717B490464260C9C78E70CE6C166EFBCC98E26AC12DD6173285B4863DA7DF4FF644D1D8150F8AC4B47113E1
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):4.875726049629512
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:wgFWGWZhWmWJWadJCsVWQ4KWRYrxwVIX01k9z3A2r/3:jFjWZhWjCsDR9zLT3
                                                                                                                                                                                                                              MD5:DF64597430E1126C3BA0FE5ECF995004
                                                                                                                                                                                                                              SHA1:3E32AD558501FB9D108F885A55841605BE641628
                                                                                                                                                                                                                              SHA-256:9638950211CBDCDAEB886CAB277573391BF7DDA2FBDB24FC18D31125DC8A7C24
                                                                                                                                                                                                                              SHA-512:E16C1F5468BF2FC90B66B4B66DBAD62CDBE29180F8DA8AB8AD28D1B0C418CB96EADF24BB54F2EE9BCFE3176256D05F7EB591B6F908E47BD420BA22768FE0EA61
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):5.215332998256423
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:rck1JzNcKSIVWZhWBCsbEpcR9zjpC/l2pB:zcKSFAEpw9z8/leB
                                                                                                                                                                                                                              MD5:D21BE88A58960EDFE83CCBBDF5C4103D
                                                                                                                                                                                                                              SHA1:3CB0D010837B77102E77CA62E1033EF4EB5473AC
                                                                                                                                                                                                                              SHA-256:3E909B4951E485DE391F9A101E513B32C6D3507674C4D666AD3105B939B25C24
                                                                                                                                                                                                                              SHA-512:99B1FDA3EC9292A59ED528AB243B4F8AC63E2D7B219135F26050BB7DD124A5D5DC4A14A69383A8AA0B03F0F0A3BCCF0C233EF09B8E3D3BDF43D0AA1CFC1A3992
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21960
                                                                                                                                                                                                                              Entropy (8bit):4.761033474432705
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:2kDfIeeWZhWsWJWadJCsVWQ4iWZzbTseUfX01k9z3AuqBXh/Y:2kDfIeeWZhWZCsaz/6fR9zBg/Y
                                                                                                                                                                                                                              MD5:B1BA47D8389C40C2DDA3C56CBED14FC5
                                                                                                                                                                                                                              SHA1:2EEF9FFA32171D53AFFA44E3DB7727AA383F7FAC
                                                                                                                                                                                                                              SHA-256:C7277C05DC6B905FAD5CB930B0ECFBBC4676B46974B4571E54CA44CB6F6BE404
                                                                                                                                                                                                                              SHA-512:466E31F17F73BDA5149343B23F4966502A8597D2A2E43F9A6C9C32387451D92C6B658CCAAE27044E68E4A9FD0EF9C89E32DC7639D59FCF04C596B6ABFA09658B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21960
                                                                                                                                                                                                                              Entropy (8bit):4.548179328701105
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:gWZhWtWJWadJCsVWQ4iWocCJOowcLK+X01k9z3A+TU3v:gWZhWsCsNy6R9zZY3v
                                                                                                                                                                                                                              MD5:430D7CDD96BC499BA9EB84BB36AA301A
                                                                                                                                                                                                                              SHA1:48B43F6E4FFA8423966D06B417B82C5F72525DD9
                                                                                                                                                                                                                              SHA-256:3E16B030A162EE3B4F6BF612AF75D02A768A87F2D6A41A83F5ADAB2EC3C24DD1
                                                                                                                                                                                                                              SHA-512:51042EBCA24086E1D0015FA921816A2F3C56065E1E15190B48C58656EB88610D64ACACB87584981963CAB501985C2CB68E53075CF5E0C65761BBDDAF56FBBAB0
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22056
                                                                                                                                                                                                                              Entropy (8bit):4.742588003611338
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:ahGeVfWZhWIlWEXCVWQ4KWEyttuX01k9z3AwQoz/C5N:ahGeVfWZhWDaSR9zVQEKz
                                                                                                                                                                                                                              MD5:C03DAA9E875FF8638F631B1C95F4B342
                                                                                                                                                                                                                              SHA1:71EAEACCEA8A302F87D1594CE612449C1195E882
                                                                                                                                                                                                                              SHA-256:A281AE7A487ECEA619E696903E5A8119AE3F9E9EB2F0B64B31A8324B530A4D35
                                                                                                                                                                                                                              SHA-512:EFA6CA2710F9827888F2CFCB87A321D66593B39988EBF743F37E2B8FE77DBA9517BDD8571D0BE7573CD6E1C786C1EDBA10857CFB6060E315AA0D46A16523D43B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):4.653065529702944
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:AO9qVQzyMvrSWZhWqWJWadJCsVWQ4OWI+tDohHssDX01k9z3AHQHP6b:ywyMvWWZhWHCsuRoFDR9zcQ
                                                                                                                                                                                                                              MD5:9AB1BDE57B958090D53DE161469E5E8D
                                                                                                                                                                                                                              SHA1:8452AED000B2E77040BA8B1E5762532CDF5A60AD
                                                                                                                                                                                                                              SHA-256:199C988D566F19E8C67F4CD7147A7DF591CD2F2D648CBC511A5E4580346E75F4
                                                                                                                                                                                                                              SHA-512:CF53C6885E154A05F8773D6B66A605049D70CC544F22A11D423C885608CD387446306CE6DFEE2CC4EE9387CDC0A50DA55948B5E55AD94ACDE7C7FD04FE38A137
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):5.131579423253394
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:zewidv3V0dfpkXc0vVaU8WZhWOCswEpcR9zjpCuSU:aHdv3VqpkXc0vVamKEpw9z8uj
                                                                                                                                                                                                                              MD5:2C4BE18E4D56E056B3FB7C2AFB032E9E
                                                                                                                                                                                                                              SHA1:9620C91A98175DDDCCC1F1AF78393143249E9EB9
                                                                                                                                                                                                                              SHA-256:56657DA3DB3877624F5DAD3980DF3235FE7E1038916627C0845B5001199D513F
                                                                                                                                                                                                                              SHA-512:18CBB5671ED99B475C7F6FF2D41943BA6D28FBBD781884BF069D1AA83F051C00D61BAA11459DCCA4FE2A4BC26C3540E1F598E4E0AE59A5E18D340A68B695ED78
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21944
                                                                                                                                                                                                                              Entropy (8bit):4.795933306978902
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:stZ3rWZhWrWEXCVWQ4iWJmDoSJj+iX01k9z3ATaF2k:stZ3rWZhWgSmDX+iR9zYaz
                                                                                                                                                                                                                              MD5:B865442FB6836A9B933A216109FF3D0F
                                                                                                                                                                                                                              SHA1:15011FCAEA649CA016FA93996639F59C23B74106
                                                                                                                                                                                                                              SHA-256:498194CFE8B1138385595A7DB3863ADF29A9663551D746FB64648FFD075186B3
                                                                                                                                                                                                                              SHA-512:EEB9FA00A941C4B30320FBB9ECC2717E53D13CD12394500D795BE742DBE25C5FDF8590E9FE7F3B210A9D9AA07C7392419823A6A947591E7A38707A87309A2B76
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21960
                                                                                                                                                                                                                              Entropy (8bit):4.851336652526625
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:wgdKIMFCbmaovWZhW4WJWadJCsVWQ42Wns9rxu3O6YX01k9z3AFzqw9Sl:dj78WZhWlCs4s9fR9z2On
                                                                                                                                                                                                                              MD5:1F0AB051A3F210DB40A8C5E813BA0428
                                                                                                                                                                                                                              SHA1:E2EC19439618DF1D6F34EE7C76108E3EA90A8B14
                                                                                                                                                                                                                              SHA-256:2D4CDDA6D6AEC0B1A84D84528380C5650683B8EED680F3CAFD821AC7F422070C
                                                                                                                                                                                                                              SHA-512:A8BA535580D6756AC30E725411980A8D17E9A8AA1229233BB7A9B15C55B18B61136772D5D75CCE0EDF21B0F300BBD4D2458A4C69762261E928EF3CB7D5A14BDD
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22056
                                                                                                                                                                                                                              Entropy (8bit):4.814262557975911
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:ShmnWZhWQWEXCVWQ4KW6lho1NVAv+cQ0GX01k9z3AOHMCQH:SAWZhWLTH4NbZR9zDHMR
                                                                                                                                                                                                                              MD5:953C63EF10EC30EF7C89A6F0F7074041
                                                                                                                                                                                                                              SHA1:4B4F1FF3085FDED9DBD737F273585AD43175B0A3
                                                                                                                                                                                                                              SHA-256:C93954167C12E15B58AC95240D2E0A2FBD94561D739D9F6ACA906D9C30453496
                                                                                                                                                                                                                              SHA-512:B4534785E4D02AD387E3C6082884D438CC4B3CD8758AABCF99620052F5842DBD298351BC1723C274D4F7D3FCE0CC940DF3D47865FECE2F07CDB1151376BA852E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22064
                                                                                                                                                                                                                              Entropy (8bit):4.599333886916871
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:hWZhWaWJWadJCsVWQ4qWiTl+hHssDX01k9z3AHQHFUUG:hWZhWXCs/+FDR9zcQDG
                                                                                                                                                                                                                              MD5:85A8B925D50105DB8250FA0878BB146E
                                                                                                                                                                                                                              SHA1:4B56D7EB81E0666E0CD047F9205584A97CE91A01
                                                                                                                                                                                                                              SHA-256:F3324803591D2794BAD583C71D5036976941631A5F0E6D67C71FC8BA29F30BA8
                                                                                                                                                                                                                              SHA-512:CB074508052FAFA8BAA2E988E0F4241411A543E55A6A9FEE915029C6AA87C93CCE1F0B14FE0658361B6B4AB6880B31A950C215404C0D71D8A862D4E74AB3B797
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):4.90510985681131
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:LhoWZhWEWWJWadJCsVWQ4KWiJYCY00pyEuX01k9z3A2pCapIcR/3:+WZhWEzCs1REpcR9zjpCw3
                                                                                                                                                                                                                              MD5:43760078912B411595BCDED3B2EB063D
                                                                                                                                                                                                                              SHA1:BD00CD60FD094B87AB0CFF30CD2AFE0A78853F22
                                                                                                                                                                                                                              SHA-256:0A9BCAA55326373200396BB1AF46B3058F8F7AF7BE3289544DDDBAFDEC420FEA
                                                                                                                                                                                                                              SHA-512:D779F67BBB6E9867BCEF7667C28E0032C01F36B8EA418504E9683240A6C0D9640B24D1DC5FA78CC9DCC4515F7BE0D314F27EBCEBC047B2E0F71680905D87827B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):26152
                                                                                                                                                                                                                              Entropy (8bit):4.868380796510273
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:tk9cydWZhWVWEXCVWQ4KWvcADB6ZX01k9z3AT2BE:ttydWZhWiWcTR9zW2e
                                                                                                                                                                                                                              MD5:55E742035343AF7B93CAEEB71D322BED
                                                                                                                                                                                                                              SHA1:121134DFECA618EC3FAE3FB640E541141D0C7B65
                                                                                                                                                                                                                              SHA-256:2364FA428DEBA813B8A27B369ACEA8ED365AA5C9DA776D57E146576920746F0E
                                                                                                                                                                                                                              SHA-512:601474B8C9185CB734DF191F4382590F1466C0A32773E17C73AFA5C1446DC648253D44E4EBAD6CE0D29288AFB1D7794C09FF0D7CFE81A3ADC3DC26B3DA46103D
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):4.728659141523223
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:QhWZhWyWJWadJCsVWQ4KWQU2Y00pyEuX01k9z3A2pCa/IcbY:QhWZhWPCsPEpcR9zjpCuk
                                                                                                                                                                                                                              MD5:4EEB879FCEEAE59927F98A1A199B59CA
                                                                                                                                                                                                                              SHA1:3BB833EDF4C10B42B7B376B93644CCC7F9A4B0F8
                                                                                                                                                                                                                              SHA-256:E1B95E27CAD9DA4F0BD8BF4C913F49B9B8DA6D28303F2946B55DA3BD7FEB36A3
                                                                                                                                                                                                                              SHA-512:6A43EB0C660395A60D17401E948BC4DA010261197EA13B5C9E043E7EE93C30EB17EFB9B6B138ECDD77DDC3D0CAA98921B57BFC244F6CD554417A0FBA5C9407B0
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21944
                                                                                                                                                                                                                              Entropy (8bit):5.169073785182673
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:GEpnWlC0i5ClWZhWPWEXCVWQ4iWv6I8HNsAX01k9z3AqjEgr7HO:vnWm5ClWZhWENtHNsAR9zygr6
                                                                                                                                                                                                                              MD5:1FD59E1DD71EB3BDADB313029710DC33
                                                                                                                                                                                                                              SHA1:82F5DE117D9C55247DA873AB8AD23F4E07841366
                                                                                                                                                                                                                              SHA-256:953E4403094EC0C3E8C3A9AB38012CC36D86AC5FE3FFF2D6B6C5F51F75737C46
                                                                                                                                                                                                                              SHA-512:69608FF0127587B93DB86C8CB27A932FA4B550C7D8D908F9FB8579BA2BCCC6D43E7283363F7B46DD39A40A8C790A030028A78302703658FD5D68F5EE9452A5AA
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21960
                                                                                                                                                                                                                              Entropy (8bit):4.827217723133749
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:rvh8Y17aFBRIWZhWdWJWadJCsVWQ4iWwBxu3O6YX01k9z3AFAjjHVy:bLdWZhW8CsRFR9z2AjjHVy
                                                                                                                                                                                                                              MD5:481282554B34E19C77978DC7888434E6
                                                                                                                                                                                                                              SHA1:BD33F1189FC79AC57716F9D030EF0BDD30205115
                                                                                                                                                                                                                              SHA-256:8895C5AB2152A7F25F0C44A3457867229046952106D422331A1C57AD7935B47E
                                                                                                                                                                                                                              SHA-512:FBE98FDA91618DD980709BABD8E56B8C4C4FF370E6DE23075F89303AAFFFD723DDDFD270F388C573914385E957ADD756BFE2B1FCEF5F9F86CB30E111177A52E9
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21944
                                                                                                                                                                                                                              Entropy (8bit):4.790131923417916
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:dDWZhWqqWEXCVWQ4iWEchBm+0U8X01k9z3Areh3:1WZhWaf2Bmo8R9zYs
                                                                                                                                                                                                                              MD5:78FC4A7E489F64EA5E0A745C12477FD8
                                                                                                                                                                                                                              SHA1:51AB73B5142EE2F742ABDAEDF427690613A19F4A
                                                                                                                                                                                                                              SHA-256:C12C28E3391A8C8ADCABE4632470DE824118C56338F46FCD8B99257709F50604
                                                                                                                                                                                                                              SHA-512:C9064FF0B39421B28720E65E70695A997995CBEC80F1534D88B886BDA1797A7316D9B61E458B894B528C7BCE21C36F1D4ACD916DE96D0CDFDE59107EA93CD5D7
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):30248
                                                                                                                                                                                                                              Entropy (8bit):5.124756298989814
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:r7yaFM4Oe59Ckb1hgmLhWZhWPC2R9zQaXy:/FMq59Bb1jMbK9zni
                                                                                                                                                                                                                              MD5:A12569B252B6761A6330D2FFB6C2983B
                                                                                                                                                                                                                              SHA1:CC6BDB88B252144AF816976A181D2B3B961CE389
                                                                                                                                                                                                                              SHA-256:AB0DE0CF89F88B947E01A5AB630D71384AD69F903CEF063CCB10DE54D061EA2E
                                                                                                                                                                                                                              SHA-512:EE9CB0E2C613374348A34E4A65C83DA8D35E6E841F50EED726FF397C7BB6EC430ED200B3B1A541041A91EBE5AE0C96270EE7B891C8C173B340C82ABD2CDF8750
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21944
                                                                                                                                                                                                                              Entropy (8bit):4.851114039202199
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:HeXrqjd79WZhWHWEXCVWQ4iWs1lNowcLK+X01k9z3A++/+e:H4rEWZhWcRTN6R9zZK
                                                                                                                                                                                                                              MD5:38D1C8D2AA2023D85ACA69286D79FB78
                                                                                                                                                                                                                              SHA1:A97E806268DC4EE781EC2BFB654ED8BF91C2A83A
                                                                                                                                                                                                                              SHA-256:381A09A63B5818A2499144ADBD8C5F6BBCFCE93D643E9920CC54485006FBCC48
                                                                                                                                                                                                                              SHA-512:FC71441009EBE69DFBC04A791CB401306CB88F7BED5290CD899E234D290209917DC7FBD0D0D1A16CEB056858C77306B8EE5F3C17432F3594904B73B20162738E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):26152
                                                                                                                                                                                                                              Entropy (8bit):5.013491600663517
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:pmGqX8mPrpJhhf4AN5/KixWZhWnWEXCVWQ4KWMKDUX01k9z3AmaSAWXH:pysyr7PWZhW83pR9zX7VH
                                                                                                                                                                                                                              MD5:DC8BFCEEC3D20100F29FD4798415DC00
                                                                                                                                                                                                                              SHA1:BD4764BE2833F40C1CC54229C759F83D67AE5294
                                                                                                                                                                                                                              SHA-256:4950D0A97CB18971355247FECCFD6F8EA24E46BCA30F54540C050E4631EC57A8
                                                                                                                                                                                                                              SHA-512:CC7899AD716A81AF46D73B1CB8DED51AEE9619F2ACCC35859E351FB8EE4F965F5BCC9ADBB7353CA7A3C8E39D36C09481F66519CB173DA1D2578718C764FB6FAE
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):26168
                                                                                                                                                                                                                              Entropy (8bit):5.280902373266687
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:cqy+OV2OlkuWYFxEpah7WZhWNWJWadJCsVWQ4KW2TaY00pyEuX01k9z3A2pCahIS:8+OV2oFVh7WZhWMCsveEpcR9zjpCKn
                                                                                                                                                                                                                              MD5:4A3342BCE6B58EF810E804F1C5915E40
                                                                                                                                                                                                                              SHA1:FE636CCA0A57E92BB27E0F76075110981D3B3639
                                                                                                                                                                                                                              SHA-256:2509179079A598B3E5DFD856D8E03E45DE7379C628901DBD869EC4332DDB618C
                                                                                                                                                                                                                              SHA-512:F0C626F88F016C17FA45EA62441DD862A9575666EC06734F61D8E153C5F46A016FE1D9271293A8E29AFBD167F7A381E3EE04CB413736BC224AC31E0FE760341C
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):26168
                                                                                                                                                                                                                              Entropy (8bit):5.274613783530853
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:7CV5yguNvZ5VQgx3SbwA71IkFhmwEpw9z8Eb:A5yguNvZ5VQgx3SbwA71IyVEp4z5
                                                                                                                                                                                                                              MD5:2E657FE299572EACDAC67F4B9F603857
                                                                                                                                                                                                                              SHA1:EB4FBC0147D4DF5D4EF81953BC1265D505A19297
                                                                                                                                                                                                                              SHA-256:EC3C2BFF10B9469AC9C6ED109307731A1A4694FB54856DDD082A2FFD3CC34DF2
                                                                                                                                                                                                                              SHA-512:EE3899584ECECE342ACCBD73D681358CFE8B4FD2ED07CF3034B14F3D04E3B03E5D6D041A0AFCB0B2B2B5AFAC118032317B5ECA00D11F7703D9D0DAE0E3AC38F7
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):5.236019047489365
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:AlhwDiWZhWgWJWadJCsVWQ4KWIq4nzY00pyEuX01k9z3A2pCa0Il:yWZhWtCsDxzEpcR9zjpC2
                                                                                                                                                                                                                              MD5:9BC895E2CC140E168FA55372FCE8682B
                                                                                                                                                                                                                              SHA1:579D71E19331625DDA84BAA9D8B81DD3BAFC9913
                                                                                                                                                                                                                              SHA-256:287F80B2B330CC5F9FDF47DE50B189993CE925B5E2B7A6DA5CDAEF9C7D5F36C1
                                                                                                                                                                                                                              SHA-512:DE0E5C6F9656106FCF2443D863D26C4B16BBB5B40E676199F9C459BE02B4837A2D32BDDDA82543EB2E0BF14A27EDEA7F5D506914DA8D63DA77ED7CCD2204AA65
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22072
                                                                                                                                                                                                                              Entropy (8bit):4.794932075714544
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:y/fHQdu3WZhWKWJWadJCsVWQ4KWbyg8Y00pyEuX01k9z3A2pCaFIpM:y/f5WZhWnCsmyg8EpcR9zjpCxM
                                                                                                                                                                                                                              MD5:4653DA8959B7FE33D32E61E472507D54
                                                                                                                                                                                                                              SHA1:6D071B52F40DC609F40989B3DD0FB53124607DF8
                                                                                                                                                                                                                              SHA-256:B7E186A946119791E42F17E623732E23F864F98B592C41D95B3DA0532EA9D5F3
                                                                                                                                                                                                                              SHA-512:81E17CF4B64ED5EFBA191D35B1877384544557C3001EFA0321A755A35413740AE66E39E39F573D3184EF8C893C739A74D37F170FE540F81177A83B44BC18BA6D
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1029627
                                                                                                                                                                                                                              Entropy (8bit):5.501988597633617
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24576:fhidb8tosQNRs54PK4IMiVw59bfCEzX2TBEx7gR32Dq:fhidb8tosQNRs54PK4I29OTBA7iKq
                                                                                                                                                                                                                              MD5:BF8C0D4A45F2C849F32485A563ECBF6F
                                                                                                                                                                                                                              SHA1:463617160DCB24C679C40A53B5A89B8B199B1708
                                                                                                                                                                                                                              SHA-256:0365E936E50D48B88DB4630735ED6D4D8A57FC933CAB533C36CA1267213E8B14
                                                                                                                                                                                                                              SHA-512:01FC89A4BDCFCA4532930A58A02639151DBBAE0EF751D75ADCE258741CD09F3DA1625C8769856C0CCCB2DC8A4F2A713035F00792B3FB2DACB454BAE35CCCD528
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):304128
                                                                                                                                                                                                                              Entropy (8bit):6.439270025490856
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6144:YotX4Kpgfhnyu9Bkio/5hV+6gSa/AUJed:YcXlOAuDkioBj+Md
                                                                                                                                                                                                                              MD5:C00C889C86F1953954B15D59FB93F888
                                                                                                                                                                                                                              SHA1:C642CB2C0A198999E1E8C22D0D5A329475B2D95F
                                                                                                                                                                                                                              SHA-256:93477D20C0BF0235B0287FB8274F563EDE810838154C4EF841B3388B3BE6387B
                                                                                                                                                                                                                              SHA-512:0EA1532C13302FD85707E7E33DB5A0E35C407EAAFC7CF5CC2DB6C0662A940C32D9925CFCBE385475883D2F1706EA4CADBAE65A9E4F857A963CC9E638E7F6B823
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):291528
                                                                                                                                                                                                                              Entropy (8bit):6.047650375646611
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5NP:QWb/TRJLWURrI5RWavdF0J
                                                                                                                                                                                                                              MD5:181AC9A809B1A8F1BC39C1C5C777CF2A
                                                                                                                                                                                                                              SHA1:9341E715CEA2E6207329E7034365749FCA1F37DC
                                                                                                                                                                                                                              SHA-256:488BA960602BF07CC63F4EF7AEC108692FEC41820FC3328A8E3F3DE038149AEE
                                                                                                                                                                                                                              SHA-512:E19A92B94AEDCF1282B3EF561BD471EA19ED361334092C55D72425F9183EBD1D30A619E493841B6F75C629F26F28DC682960977941B486C59475F21CF86FFF85
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):10752
                                                                                                                                                                                                                              Entropy (8bit):4.672271015164389
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:IdCh72HzA5iJGhU2Y0hQMsQJCUCLsZEA4elh2XQMtCFQHq0fcX6g8cim1qeSju1:Im2HzzU2bRYoeuHncqgvimoe
                                                                                                                                                                                                                              MD5:38105DF780EDDD734027328E0DCA0CA3
                                                                                                                                                                                                                              SHA1:45F1D9E3472478F8E1BA86675F5C81C00B183BEA
                                                                                                                                                                                                                              SHA-256:9512896233D2119E78E2E1FCFD83643B2BE2B427F08D16FC568FE98B9D4913CB
                                                                                                                                                                                                                              SHA-512:BA2A05C236CE47D87888F618BE2B23532D0D882578707B07AE220A96883B468F7088A19EBBE3BAC2ADF4035DA6B7EE6FA9E57B620E2BC67B28E54CD969D6BBB3
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):118784
                                                                                                                                                                                                                              Entropy (8bit):5.878471536699278
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:fwyXU0GUUIB37Jy/TcqxcBpAFbbC6CpmZ48q:YUqxEqCfEZpq
                                                                                                                                                                                                                              MD5:073F09E1EDF5EC4173CE2DE1121B9DD1
                                                                                                                                                                                                                              SHA1:6CDB2559A1B706446CDD993E6FD680095E119B2E
                                                                                                                                                                                                                              SHA-256:7412969BFE1BCA38BBB25BAB02B54506A05015A4944B54953FCFDB179EC3F13C
                                                                                                                                                                                                                              SHA-512:70A1A766001EC78A5FCE7EADF6CAE07F11B3CA6B08115E130C77D024524879577CCAB263C596102102B1569933C601592FBB5EE07C7DB123BB850965EF8E8E96
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4
                                                                                                                                                                                                                              Entropy (8bit):1.5
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:Mn:M
                                                                                                                                                                                                                              MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                              SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                              SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                              SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:pip.
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):323
                                                                                                                                                                                                                              Entropy (8bit):4.554768229532207
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:h9Co8FyQjkDYc5tWreLBF/pn2mHr2DASvUSBT5+FL8tjivzn:h9aVM/mrGzRsvUSBT5+J8li7n
                                                                                                                                                                                                                              MD5:BF405A8056A6647E7D077B0E7BC36ABA
                                                                                                                                                                                                                              SHA1:36C43938EFD5C62DDEC283557007E4BDFB4E0797
                                                                                                                                                                                                                              SHA-256:43DAD2CC752AB721CD9A9F36ECE70FB53AB7713551F2D3D8694D8E8C5A06D6E2
                                                                                                                                                                                                                              SHA-512:16590110B2F659D9C131B2093E05D30919A67368154305DCFE8D54FB88525F49F9F9F385A77BA5BCBEA8092061011D72B1BCC65CDC784BCFDDE10CE4DCE5586F
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses...The code used in the OS random engine is derived from CPython, and is licensed.under the terms of the PSF License Agreement..
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):11360
                                                                                                                                                                                                                              Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                                              MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                                              SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                                              SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                                              SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1532
                                                                                                                                                                                                                              Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                                              MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                                              SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                                              SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                                              SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2415
                                                                                                                                                                                                                              Entropy (8bit):5.015031803022437
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:xUXyp7TEJzIXFCPXB/XF/gwHsV3XF2iDaGkiCXF1u0A2s/8AMUiioTqNyPhIXF+v:KXG3EJ0EPX9rsV3ZdkZ8oAShTkyZIYAw
                                                                                                                                                                                                                              MD5:43C37D21E1DBAD10CDDCD150BA2C0595
                                                                                                                                                                                                                              SHA1:ACF6B1628B04FE43A99071223CDBD7B66691C264
                                                                                                                                                                                                                              SHA-256:693EC0A662B39F995A4F252B03A6222945470C1B6F12CA02918E4EFE0DF64B9F
                                                                                                                                                                                                                              SHA-512:96D7C63AD24F7543599F0FED919948E486B35D01694BE02D980A8BA3D2A8B5A0E42341D940841D3528F56F09A582D32B3E81DED44BB3AAD1874C92650CB08129
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:1. This LICENSE AGREEMENT is between the Python Software Foundation ("PSF"), and. the Individual or Organization ("Licensee") accessing and otherwise using Python. 2.7.12 software in source or binary form and its associated documentation...2. Subject to the terms and conditions of this License Agreement, PSF hereby. grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce,. analyze, test, perform and/or display publicly, prepare derivative works,. distribute, and otherwise use Python 2.7.12 alone or in any derivative. version, provided, however, that PSF's License Agreement and PSF's notice of. copyright, i.e., "Copyright . 2001-2016 Python Software Foundation; All Rights. Reserved" are retained in Python 2.7.12 alone or in any derivative version. prepared by Licensee...3. In the event Licensee prepares a derivative work that is based on or. incorporates Python 2.7.12 or any part thereof, and wants to make the. derivative work available to ot
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):5068
                                                                                                                                                                                                                              Entropy (8bit):5.076339504081192
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:DDKVZ4WQIUQIhQIKQILbQIRIaMmPktxsx/1A0ivAEYaCjF04rpklE2jQech5mjvj:0acPuPXs/u0ivAEYaCjF04rpklE2jE03
                                                                                                                                                                                                                              MD5:6723294F406FC0A1E70892680472A8E1
                                                                                                                                                                                                                              SHA1:18802D07F5E3C416BD27B204AF13EE08316E0C4A
                                                                                                                                                                                                                              SHA-256:CFB2C2C8067495438DC92FD335B51A04584A01283FCDDB6E4B03859049BEA2C6
                                                                                                                                                                                                                              SHA-512:97DBDFF77AE87E5AED7A680668F9E8FB4A1FF5F3A7CB290E064896DF99ED2954E5D69433C605EAF97BE44D980FC4564C10A39176650BA4CBCE37FBCA0E22BE92
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:Metadata-Version: 2.1.Name: cryptography.Version: 3.4.8.Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers..Home-page: https://github.com/pyca/cryptography.Author: The Python Cryptographic Authority and individual contributors.Author-email: cryptography-dev@python.org.License: BSD or Apache License, Version 2.0.Platform: UNKNOWN.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language ::
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:CSV text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):16213
                                                                                                                                                                                                                              Entropy (8bit):5.517159774741598
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:NUXaxfEhrvJzrPMOOZWGmAufMdpdNT2UbycOpCNOvUfomBN:NUKxfEhrvJzbI2kF/N
                                                                                                                                                                                                                              MD5:B7B9537DB89E17783D25AFB4EC15F462
                                                                                                                                                                                                                              SHA1:77B37400EE0F3751C9BED57C2B3BB38F0F801FE2
                                                                                                                                                                                                                              SHA-256:771938223E14E33E82D4D16D8D4FA873D196C164CBEF5ECBADED8C5EE2A59DAC
                                                                                                                                                                                                                              SHA-512:8DF93B200B10A55549BB04ABED1AECCCD4952FFFE829C3F90097602125B425C5E5812077DD3CC9F993E3FE02AC887C046AE06A345471419E77AC14F2A757EAB9
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:cryptography-3.4.8.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-3.4.8.dist-info/LICENSE,sha256=Q9rSzHUqtyHNmp827OcPtTq3cTVR8tPYaU2OjFoG1uI,323..cryptography-3.4.8.dist-info/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-3.4.8.dist-info/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography-3.4.8.dist-info/LICENSE.PSF,sha256=aT7ApmKzn5laTyUrA6YiKUVHDBtvEsoCkY5O_g32S58,2415..cryptography-3.4.8.dist-info/METADATA,sha256=z7LCyAZ0lUONyS_TNbUaBFhKASg_zdtuSwOFkEm-osY,5068..cryptography-3.4.8.dist-info/RECORD,,..cryptography-3.4.8.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-3.4.8.dist-info/WHEEL,sha256=g0Gp_9X_YiwOuaF1hZMQNaS1qKUg2WIXRJjlZWggGSw,100..cryptography-3.4.8.dist-info/top_level.txt,sha256=rR2wh6A6juD02TBZNJqqonh8x9UP9Sa5Z9Hl1pCPCiM,31..cryptography/__about__.py,sha256=Gma4uMyERDaqXMloHsN56Lo-XunkiH9-joZKZJPG5a8,805..cryptography/__ini
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):100
                                                                                                                                                                                                                              Entropy (8bit):4.992787665793268
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:RtEeX7MWcSlViYHgP+tkKc5vKQLn:RtBMwlViYAWK/SQLn
                                                                                                                                                                                                                              MD5:81473BB8DD3C8C2FAB84DF8D7FE8E9FB
                                                                                                                                                                                                                              SHA1:F91348D2BD8A4A48F331C55ED939AA964C2503E1
                                                                                                                                                                                                                              SHA-256:8341A9FFD5FF622C0EB9A17585931035A4B5A8A520D962174498E5656820192C
                                                                                                                                                                                                                              SHA-512:C16213B3BEA153A781C3EBD1741CA34865F6240A7AA1F9DBF73F9D0C7D7FBAF2545EDAF9CEEA89C287725273EC5F744FF7FFEC073121EFDE3E7783671129301A
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.37.0).Root-Is-Purelib: false.Tag: cp36-abi3-win_amd64..
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):31
                                                                                                                                                                                                                              Entropy (8bit):3.962103165155795
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:DA1JjBHvAYuOv:DUOev
                                                                                                                                                                                                                              MD5:62246E29EB9A005B743A15C18FE944DD
                                                                                                                                                                                                                              SHA1:10A5E354DAA692FF714D3C49BED348ABD8A485C7
                                                                                                                                                                                                                              SHA-256:AD1DB087A03A8EE0F4D93059349AAAA2787CC7D50FF526B967D1E5D6908F0A23
                                                                                                                                                                                                                              SHA-512:F16FDA3B0A05A1B5F7D8F63E8A223B27CA4689F559D4A00357E129ECB24AD3E8B4519A70D59919DE8D93ADC8AD3B0EAF05192E3D18CE876D7DCA13ED498A0FCC
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:_openssl._padding.cryptography.
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):3120128
                                                                                                                                                                                                                              Entropy (8bit):6.664100235549327
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:49152:FMVwASOyGtlql4IU6iAc1vdDP4GKJmhpdmdYTKugTt2mPTUT42Nr:JH+r1vphSaTm2QUT42l
                                                                                                                                                                                                                              MD5:40646757F855E446AE37FEC76DE99A92
                                                                                                                                                                                                                              SHA1:7013F6F293FF8DF18558147C7D05F7D453FAF447
                                                                                                                                                                                                                              SHA-256:68F036B96D1BF85C5BB7BD15DF187E1BA3A848B2ABCF04FE5D2598CDEE13DCF0
                                                                                                                                                                                                                              SHA-512:A25F689C85B9E19F6AA9E1CD10CB414D38CAB79BA476E52756F7D3879895DE225457D94384B7DFD4754C2A0753D7FF258B7DA52A829568BA6C8E9F2BB96D9FDE
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):3399200
                                                                                                                                                                                                                              Entropy (8bit):6.094152840203032
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:98304:R3+YyRoAK2rXHsoz5O8M1CPwDv3uFh+r:t9yWAK2zsozZM1CPwDv3uFh+r
                                                                                                                                                                                                                              MD5:CC4CBF715966CDCAD95A1E6C95592B3D
                                                                                                                                                                                                                              SHA1:D5873FEA9C084BCC753D1C93B2D0716257BEA7C3
                                                                                                                                                                                                                              SHA-256:594303E2CE6A4A02439054C84592791BF4AB0B7C12E9BBDB4B040E27251521F1
                                                                                                                                                                                                                              SHA-512:3B5AF9FBBC915D172648C2B0B513B5D2151F940CCF54C23148CD303E6660395F180981B148202BEF76F5209ACC53B8953B1CB067546F90389A6AA300C1FBE477
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):32792
                                                                                                                                                                                                                              Entropy (8bit):6.3566777719925565
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
                                                                                                                                                                                                                              MD5:EEF7981412BE8EA459064D3090F4B3AA
                                                                                                                                                                                                                              SHA1:C60DA4830CE27AFC234B3C3014C583F7F0A5A925
                                                                                                                                                                                                                              SHA-256:F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
                                                                                                                                                                                                                              SHA-512:DC9FF4202F74A13CA9949A123DFF4C0223DA969F49E9348FEAF93DA4470F7BE82CFA1D392566EAAA836D77DDE7193FED15A8395509F72A0E9F97C66C0A096016
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):689184
                                                                                                                                                                                                                              Entropy (8bit):5.526574117413294
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12288:1SurcFFRd4l6NCNH98PikxqceDotbA/nJspatQM5eJpAJfeMw4o8s6U2lvz:1KWZH98PiRLsAtf8AmMHogU2lvz
                                                                                                                                                                                                                              MD5:BC778F33480148EFA5D62B2EC85AAA7D
                                                                                                                                                                                                                              SHA1:B1EC87CBD8BC4398C6EBB26549961C8AAB53D855
                                                                                                                                                                                                                              SHA-256:9D4CF1C03629F92662FC8D7E3F1094A7FC93CB41634994464B853DF8036AF843
                                                                                                                                                                                                                              SHA-512:80C1DD9D0179E6CC5F33EB62D05576A350AF78B5170BFDF2ECDA16F1D8C3C2D0E991A5534A113361AE62079FB165FFF2344EFD1B43031F1A7BFDA696552EE173
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):189000
                                                                                                                                                                                                                              Entropy (8bit):6.310516938504568
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:NLSp96+JvGNw61ctOjB5vrNm067VpwiKdF3+6xdvl18UfKIz4qztsOSSnVDNYWum:a97vkw61BB5vrNm0Kj5+vxfKdqfVTum
                                                                                                                                                                                                                              MD5:11A886189EB726D5786926CC09F9E116
                                                                                                                                                                                                                              SHA1:D94295368A1285681FB03BAC0553EB1495D43805
                                                                                                                                                                                                                              SHA-256:DC38BDBE10CFAA99799E0C87AA8444FC062D445B87686D6593FFCA46CC938031
                                                                                                                                                                                                                              SHA-512:405C56487A91AD1209029CA6EA125642076251F0A8C069EEF0E30CE484381DB7BF24D2F5CD74B83D1C8C1358F92F35FA6ED7B75601ACE611CF36BB2331588684
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):58952
                                                                                                                                                                                                                              Entropy (8bit):5.848741332074507
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:FTS99q+0o22ByfbEap+VCBQ53gUiT5pLFdBk4/yFi1nuVwWBjChtFyrUdmd9RSx5:q9xiEAnUvdkdINV0Eyv
                                                                                                                                                                                                                              MD5:9779C701BE8E17867D1D92D470607948
                                                                                                                                                                                                                              SHA1:6AAE834541CCC73D1C87C9F1A12DF4AC0CF9001F
                                                                                                                                                                                                                              SHA-256:59E6421802D30326C1704F15ACC2B2888097241E291ABA4860D1E1FC3D26D4BF
                                                                                                                                                                                                                              SHA-512:4E34BCDD2093347D2B4E5C0F8C25F5D36D54097283FAF5B2BE1C75D717F716D459A45336647D3360457F25417952E62F8F21F5A720204FE5B894D5513E43E782
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4209224
                                                                                                                                                                                                                              Entropy (8bit):6.419196959467616
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:49152:qc3VjUbaXKKpiMo2eArGQgukWACEU05yTTysQHbhAT+JClyqA8qcW2d6RVFiT7PR:Fyw/rkTVElJHXZGU/DH4MbXEF9rQv
                                                                                                                                                                                                                              MD5:1F2688B97F9827F1DE7DFEDB4AD2348C
                                                                                                                                                                                                                              SHA1:A9650970D38E30835336426F704579E87FCFC892
                                                                                                                                                                                                                              SHA-256:169EEB1BDF99ED93CA26453D5CA49339E5AE092662CD94CDE09FBB10046F83FC
                                                                                                                                                                                                                              SHA-512:27E56B2D73226E36B0C473D8EB646813997CBDF955397D0B61FCAE37ED1F2C3715E589F9A07D909A967009ED2C664D14007CCF37D83A7DF7CE2A0FEFCA615503
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):142336
                                                                                                                                                                                                                              Entropy (8bit):6.010139157748554
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:mjbngJOM0WyPQSst/1ZI32yYrrC0P0xsr1praPDe+4KKPu7UJdap:+bgp0BISst/16YrrC0Ju7e1Kuu7UJ
                                                                                                                                                                                                                              MD5:F60DA44A33910EDA70D838D7635D8FB1
                                                                                                                                                                                                                              SHA1:C35B4CF47349888384729386C74C374EDB6F6FF3
                                                                                                                                                                                                                              SHA-256:13934599FF931F97E8EAC6106DC67D54609BEFD0B0E653B46F6C25B18830C572
                                                                                                                                                                                                                              SHA-512:3C57ED384C23C89F99708BDF688EBD28629E84DF8756E7B64DFA8B6E0B52BEEFB0C62DE820F2C72E5679B7632279DCB414A781CFD2C5C9654D09D9DA24FA17B3
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):26696
                                                                                                                                                                                                                              Entropy (8bit):6.083258526295506
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:hGNKrWZwhMHqSa/QtmI0dINqGSWDG4yiJ:hqKrWmhMKSa/QtmI0dINqGXye
                                                                                                                                                                                                                              MD5:A2AB334E18222738DCB05BF820725938
                                                                                                                                                                                                                              SHA1:2F75455A471F95AC814B8E4560A023034480B7B5
                                                                                                                                                                                                                              SHA-256:7BA95624370216795EA4A087C326422CFCBCCC42B5ADA21F4D85C532C71AFAD7
                                                                                                                                                                                                                              SHA-512:72E891D1C7E5EA44A569283B5C8BD8C310F2EE3D3CC9C25C6A7D7D77A62CB301C822C833B0792C3163CF0B0D6272DA2F667E6BC74B07ED7946082433F77D9679
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1122768
                                                                                                                                                                                                                              Entropy (8bit):6.6466118295886165
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24576:CJG2BrB3ZQAq0AT2jS9HKHdK6AccMs1wmxvSZX0ypFi:0VGrT6SAk3ei
                                                                                                                                                                                                                              MD5:3B337C2D41069B0A1E43E30F891C3813
                                                                                                                                                                                                                              SHA1:EBEE2827B5CB153CBBB51C9718DA1549FA80FC5C
                                                                                                                                                                                                                              SHA-256:C04DAEBA7E7C4B711D33993AB4C51A2E087F98F4211AEA0DCB3A216656BA0AB7
                                                                                                                                                                                                                              SHA-512:FDB3012A71221447B35757ED2BDCA6ED1F8833B2F81D03AABEBD2CD7780A33A9C3D816535D03C5C3EDD5AAF11D91156842B380E2A63135E3C7F87193AD211499
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1096264
                                                                                                                                                                                                                              Entropy (8bit):5.342861808860828
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12288:reQqQOZ6K191SnFRFotduNdBjCmN/XlyCAx9++bBlhJk93cgewrxEeBpl8:reQGn4oghCc/+9nbDhG2wrxpl8
                                                                                                                                                                                                                              MD5:549C9EEDA8546CD32D0713C723ABD12A
                                                                                                                                                                                                                              SHA1:F84B2C529CFF58B888CC99F566FCD2EBA6FF2B8E
                                                                                                                                                                                                                              SHA-256:5D5E733397EF7C4946CF26C84B07312CB12EAF339374613D4381E694EF38169B
                                                                                                                                                                                                                              SHA-512:9432DAF045BAC3E322B1797F49AFE50F76FAF8B7D8DB063A1D56578016C813881AF3324E2529032A8644A04B58CCC9D2C363BF92B56115F06B9EEFEBFAB08180
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):38912
                                                                                                                                                                                                                              Entropy (8bit):5.572930724109382
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:2uFLa14u3wdL8AKlcFcpXIxtOdKlr2Q5uu2x:2uY14uWL8IFcpc2Q5R2
                                                                                                                                                                                                                              MD5:BA0890D7B3CF1A791E2889D74D426ED6
                                                                                                                                                                                                                              SHA1:14E25C625CB14956A788D533E05961564F6B2AA6
                                                                                                                                                                                                                              SHA-256:AE7FDBC07D7C18F865EC91E59913F6845E6147E724064D400197D8E98E88CE03
                                                                                                                                                                                                                              SHA-512:C4989E6DF88AAFE6AEAA0950F7FE23ED77F238DBFA6733425268E208AB071611C6BBC17558D165F45EC9CB41C9B2A2875938550C082AA2802B2DB0FCE910DF81
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21
                                                                                                                                                                                                                              Entropy (8bit):3.975418017913833
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:RrGiC:EiC
                                                                                                                                                                                                                              MD5:ACBF9D29C4729CF268B99F8FFC6143FB
                                                                                                                                                                                                                              SHA1:8A95A4D55C1A0E012BBF2E4F24053D7F557327D0
                                                                                                                                                                                                                              SHA-256:857A3C2BD75681CEFE05DC54BC70C82A4CC2B685CF9226749F0969A70DEAD604
                                                                                                                                                                                                                              SHA-512:C98CDB84E39EED8898E60372D078E2A7CDDE347A8DE0F9789DC8A0482A63DDAF6EF06A4C405835DA353A6FBCFCF440FFB8EDDCA07F024E4F4391546C8C31DEDE
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:registry_65f93d51.exe
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):10090064
                                                                                                                                                                                                                              Entropy (8bit):7.993553292717728
                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                              SSDEEP:196608:Ad4d4uXu8mSxCyl9onJ5hrZERV5+ENFJzFcgut1W+4Xp+6PVuEv:CjuXu8mSxr9c5hlERV5RFJzFcgutQ+iF
                                                                                                                                                                                                                              MD5:BFBEFE6213EA9B1D3D0F92C970998D80
                                                                                                                                                                                                                              SHA1:DB7863DF94867D3522C47AB417437E0E8C81B124
                                                                                                                                                                                                                              SHA-256:C337E536BB2195AD30D214FEE810360815797A4E3BD91A7D88949E4DF6948791
                                                                                                                                                                                                                              SHA-512:FB84C92B1210B929590DC87E702312173C2D800EDF66A0163025B2C27406089B1C42F9C4B0EEE4F1BFB48C945A3D389A5C4B436E522FF95368B9CF75C34DBD8F
                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                              File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Entropy (8bit):7.993553292717728
                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                              • Win64 Executable GUI (202006/5) 77.37%
                                                                                                                                                                                                                              • InstallShield setup (43055/19) 16.49%
                                                                                                                                                                                                                              • Win64 Executable (generic) (12005/4) 4.60%
                                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.77%
                                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.77%
                                                                                                                                                                                                                              File name:wsx.exe
                                                                                                                                                                                                                              File size:10'090'064 bytes
                                                                                                                                                                                                                              MD5:bfbefe6213ea9b1d3d0f92c970998d80
                                                                                                                                                                                                                              SHA1:db7863df94867d3522c47ab417437e0e8c81b124
                                                                                                                                                                                                                              SHA256:c337e536bb2195ad30d214fee810360815797a4e3bd91a7d88949e4df6948791
                                                                                                                                                                                                                              SHA512:fb84c92b1210b929590dc87e702312173c2d800edf66a0163025b2c27406089b1c42f9c4b0eee4f1bfb48c945a3d389a5c4b436e522ff95368b9cf75c34dbd8f
                                                                                                                                                                                                                              SSDEEP:196608:Ad4d4uXu8mSxCyl9onJ5hrZERV5+ENFJzFcgut1W+4Xp+6PVuEv:CjuXu8mSxr9c5hlERV5RFJzFcgutQ+iF
                                                                                                                                                                                                                              TLSH:0AA6331966511CD6EEB75838D072C824C2B3B8260B90D34B6BF823BA6F977D45E7E311
                                                                                                                                                                                                                              Icon Hash:4a464cd47461e179
                                                                                                                                                                                                                              Entrypoint:0x14000afb0
                                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                                              Digitally signed:false
                                                                                                                                                                                                                              Imagebase:0x140000000
                                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                              Time Stamp:0x66F83963 [Sat Sep 28 17:14:11 2024 UTC]
                                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                                              OS Version Major:5
                                                                                                                                                                                                                              OS Version Minor:2
                                                                                                                                                                                                                              File Version Major:5
                                                                                                                                                                                                                              File Version Minor:2
                                                                                                                                                                                                                              Subsystem Version Major:5
                                                                                                                                                                                                                              Subsystem Version Minor:2
                                                                                                                                                                                                                              Import Hash:a6cec5b1a631d592d80900ab7e1de8df
                                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                              sub esp, 28h
                                                                                                                                                                                                                              call 00007F270CC1097Ch
                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                              add esp, 28h
                                                                                                                                                                                                                              jmp 00007F270CC102EFh
                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                              inc eax
                                                                                                                                                                                                                              push ebx
                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                              sub esp, 20h
                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                              mov ebx, ecx
                                                                                                                                                                                                                              xor ecx, ecx
                                                                                                                                                                                                                              call dword ptr [0001F20Bh]
                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                              mov ecx, ebx
                                                                                                                                                                                                                              call dword ptr [0001F1FAh]
                                                                                                                                                                                                                              call dword ptr [0001F16Ch]
                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                              mov ecx, eax
                                                                                                                                                                                                                              mov edx, C0000409h
                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                              add esp, 20h
                                                                                                                                                                                                                              pop ebx
                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                              jmp dword ptr [0001F1F0h]
                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                              mov dword ptr [esp+08h], ecx
                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                              sub esp, 38h
                                                                                                                                                                                                                              mov ecx, 00000017h
                                                                                                                                                                                                                              call dword ptr [0001F1DCh]
                                                                                                                                                                                                                              test eax, eax
                                                                                                                                                                                                                              je 00007F270CC10479h
                                                                                                                                                                                                                              mov ecx, 00000002h
                                                                                                                                                                                                                              int 29h
                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                              lea ecx, dword ptr [0004106Ah]
                                                                                                                                                                                                                              call 00007F270CC1063Eh
                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                              mov eax, dword ptr [esp+38h]
                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                              mov dword ptr [00041151h], eax
                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                              lea eax, dword ptr [esp+38h]
                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                              add eax, 08h
                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                              mov dword ptr [000410E1h], eax
                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                              mov eax, dword ptr [0004113Ah]
                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                              mov dword ptr [00040FABh], eax
                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                              mov eax, dword ptr [esp+40h]
                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                              mov dword ptr [000410AFh], eax
                                                                                                                                                                                                                              mov dword ptr [00040F85h], C0000409h
                                                                                                                                                                                                                              mov dword ptr [00040F7Fh], 00000001h
                                                                                                                                                                                                                              mov dword ptr [00000089h], 00000000h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3bc94 | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x52000 | 0xf49c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x4e000 | 0x20c4 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x62000 | 0x758 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x39420 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x392e0 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2a000 | 0x418 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x28720 | 0x28800 | bde1e371902cf81ea9be7e3f95382cfd | False | 0.5581657503858025 | data | 6.484685085891853 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2a000 | 0x12a9e | 0x12c00 | e93ec62c2718b446c5b2b08d5d0e0af5 | False | 0.5159765625 | data | 5.820343070836644 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3d000 | 0x103e8 | 0xe00 | baf7e08c61eeb50b5a3978422561c938 | False | 0.13113839285714285 | data | 1.8069121639354628 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x4e000 | 0x20c4 | 0x2200 | 306be8c7742d2c9622517b124ebf3ac1 | False | 0.4775965073529412 | data | 5.330382837068586 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x51000 | 0x15c | 0x200 | e9000b5de7c8ee475c9ff9bfd52a2223 | False | 0.392578125 | data | 2.7647001855526416 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x52000 | 0xf49c | 0xf600 | 727c5c2ae29471efe875dab73af6dad2 | False | 0.8036553607723578 | data | 7.5555815867551965 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x62000 | 0x758 | 0x800 | bc11f54c2d33adf3a95c6af00e70eb22 | False | 0.5390625 | data | 5.236213438241001 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x52208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 |  |  | 0.585820895522388
RT_ICON | 0x530b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 |  |  | 0.7360108303249098
RT_ICON | 0x53958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 |  |  | 0.755057803468208
RT_ICON | 0x53ec0 | 0x952c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |  |  | 0.9975384937676757
RT_ICON | 0x5d3ec | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 |  |  | 0.3887966804979253
RT_ICON | 0x5f994 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 |  |  | 0.49530956848030017
RT_ICON | 0x60a3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 |  |  | 0.7207446808510638
RT_GROUP_ICON | 0x60ea4 | 0x68 | data |  |  | 0.7019230769230769
RT_MANIFEST | 0x60f0c | 0x58f | XML 1.0 document, ASCII text, with CRLF line terminators |  |  | 0.44694307800421645

DLL | Import
USER32.dll | CreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | IsValidCodePage, GetStringTypeW, GetFileAttributesExW, HeapReAlloc, FlushFileBuffers, GetCurrentDirectoryW, GetACP, GetOEMCP, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, GetProcAddress, GetCommandLineW, GetEnvironmentVariableW, GetCPInfo, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, WriteConsoleW, SetEndOfFile, SetEnvironmentVariableW, RtlUnwindEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 1, 2024 11:37:24.516484976 CEST | 192.168.2.5 | 1.1.1.1 | 0x5883 | Standard query (0) | pontoslivelobb.servicos.ws | A (IP address) | IN (0x0001) | false
Oct 1, 2024 11:37:25.477189064 CEST | 192.168.2.5 | 1.1.1.1 | 0xb15 | Standard query (0) | estudosadulto.educacao.ws | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 1, 2024 11:36:55.673516989 CEST | 1.1.1.1 | 192.168.2.5 | 0x9b54 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 1, 2024 11:36:55.673516989 CEST | 1.1.1.1 | 192.168.2.5 | 0x9b54 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Oct 1, 2024 11:37:24.741719007 CEST | 1.1.1.1 | 192.168.2.5 | 0x5883 | No error (0) | pontoslivelobb.servicos.ws |  | 191.252.83.191 | A (IP address) | IN (0x0001) | false
Oct 1, 2024 11:37:25.986530066 CEST | 1.1.1.1 | 192.168.2.5 | 0xb15 | No error (0) | estudosadulto.educacao.ws |  | 94.156.67.32 | A (IP address) | IN (0x0001) | false

• pontoslivelobb.servicos.ws

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49724 | 191.252.83.191 | 80 | 2132 | C:\Users\user\Desktop\wsx.exe

Timestamp | Bytes transferred | Direction | Data
Oct 1, 2024 11:37:24.756974936 CEST | 166 | OUT | GET /conta.php HTTP/1.1
Host: pontoslivelobb.servicos.ws
User-Agent: python-requests/2.32.3
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Oct 1, 2024 11:37:25.474375963 CEST | 353 | IN | HTTP/1.1 302 Found
Server: nginx/1.22.1
Date: Tue, 01 Oct 2024 09:37:25 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/8.3.0
Location: https://estudosadulto.educacao.ws/contador/contador.php
X-Cache: BYPASS
Lw-X-Id: a27aa96adf722c722add130787a1ac0a.3323052-8.46.123.33:11205@dinesh0014


Session ID:1
Source IP:192.168.2.5
Source Port:49727
Destination IP:191.252.83.191
Destination Port:80
PID:5064
Process:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe

Timestamp:Oct 1, 2024 11:37:28.444415092 CEST
Bytes transferred:166
Direction:OUT
Data:
GET /conta.php HTTP/1.1
                                                                                                                                                                                                                              Host: pontoslivelobb.servicos.ws
                                                                                                                                                                                                                              User-Agent: python-requests/2.32.3
                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                              Connection: keep-alive

Timestamp:Oct 1, 2024 11:37:29.138689995 CEST
Bytes transferred:353
Direction:IN
Data:
HTTP/1.1 302 Found
                                                                                                                                                                                                                              Server: nginx/1.22.1
                                                                                                                                                                                                                              Date: Tue, 01 Oct 2024 09:37:29 GMT
                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                              X-Powered-By: PHP/8.3.0
                                                                                                                                                                                                                              Location: https://estudosadulto.educacao.ws/contador/contador.php
                                                                                                                                                                                                                              X-Cache: BYPASS
                                                                                                                                                                                                                              Lw-X-Id: 618d92e75b6e05691382ec5c9d8d02f6.3323175-8.46.123.33:11242@dinesh0014


                                                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                                                              Start time:05:37:19
                                                                                                                                                                                                                              Start date:01/10/2024
                                                                                                                                                                                                                              Path:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\wsx.exe"
                                                                                                                                                                                                                              Imagebase:0x7ff7e71d0000
                                                                                                                                                                                                                              File size:10'090'064 bytes
                                                                                                                                                                                                                              MD5 hash:BFBEFE6213EA9B1D3D0F92C970998D80
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                              Target ID:2
                                                                                                                                                                                                                              Start time:05:37:21
                                                                                                                                                                                                                              Start date:01/10/2024
                                                                                                                                                                                                                              Path:C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\wsx.exe"
                                                                                                                                                                                                                              Imagebase:0x7ff7e71d0000
                                                                                                                                                                                                                              File size:10'090'064 bytes
                                                                                                                                                                                                                              MD5 hash:BFBEFE6213EA9B1D3D0F92C970998D80
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                              Target ID:3
                                                                                                                                                                                                                              Start time:05:37:23
                                                                                                                                                                                                                              Start date:01/10/2024
                                                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                              Commandline:C:\Windows\system32\cmd.exe /c "schtasks /query /tn "registry_65f93d51.exe""
                                                                                                                                                                                                                              Imagebase:0x7ff7404a0000
                                                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                              Target ID:4
                                                                                                                                                                                                                              Start time:05:37:23
                                                                                                                                                                                                                              Start date:01/10/2024
                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                              Target ID:5
                                                                                                                                                                                                                              Start time:05:37:23
                                                                                                                                                                                                                              Start date:01/10/2024
                                                                                                                                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                              Commandline:schtasks /query /tn "registry_65f93d51.exe"
                                                                                                                                                                                                                              Imagebase:0x7ff668780000
                                                                                                                                                                                                                              File size:235'008 bytes
                                                                                                                                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                              Target ID:6
                                                                                                                                                                                                                              Start time:05:37:23
                                                                                                                                                                                                                              Start date:01/10/2024
                                                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                              Commandline:C:\Windows\system32\cmd.exe /c "schtasks /create /tn "registry_65f93d51.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe" /sc onlogon /rl highest /f"
                                                                                                                                                                                                                              Imagebase:0x7ff7404a0000
                                                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                              Target ID:7
                                                                                                                                                                                                                              Start time:05:37:23
                                                                                                                                                                                                                              Start date:01/10/2024
                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                              Has exited:true

Target ID:8
Start time:05:37:23
Start date:01/10/2024
Path:C:\Windows\System32\schtasks.exe
Wow64 process (32bit):false
Commandline:schtasks /create /tn "registry_65f93d51.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe" /sc onlogon /rl highest /f
Imagebase:0x7ff668780000
File size:235'008 bytes
MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:05:37:24
Start date:01/10/2024
Path:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
Wow64 process (32bit):false
Commandline:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
Imagebase:0x7ff6bd5c0000
File size:10'090'064 bytes
MD5 hash:BFBEFE6213EA9B1D3D0F92C970998D80
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:10
Start time:05:37:26
Start date:01/10/2024
Path:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
Wow64 process (32bit):false
Commandline:C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
Imagebase:0x7ff6bd5c0000
File size:10'090'064 bytes
MD5 hash:BFBEFE6213EA9B1D3D0F92C970998D80
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:11
Start time:05:37:27
Start date:01/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "schtasks /query /tn "registry_65f93d51.exe""
Imagebase:0x7ff7404a0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:05:37:27
Start date:01/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:13
Start time:05:37:27
Start date:01/10/2024
Path:C:\Windows\System32\schtasks.exe
Wow64 process (32bit):false
Commandline:schtasks /query /tn "registry_65f93d51.exe"
Imagebase:0x7ff668780000
File size:235'008 bytes
MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true


Execution Graph

Execution Coverage:10%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:16.7%
Total number of Nodes:2000
Total number of Limit Nodes:29
7ff7e71e99e4 GetLastError SetLastError 15304->15305 15306 7ff7e71e99fc 15304->15306 15305->15306 15306->15280 15307 7ff7e71e9d00 IsProcessorFeaturePresent 15306->15307 15308 7ff7e71e9d13 15307->15308 15328 7ff7e71e9a14 15308->15328 15312 7ff7e71ea7af FlsGetValue 15311->15312 15313 7ff7e71ea7ca FlsSetValue 15311->15313 15314 7ff7e71ea7c4 15312->15314 15316 7ff7e71e99a3 SetLastError 15312->15316 15315 7ff7e71ea7d7 15313->15315 15313->15316 15314->15313 15317 7ff7e71edc70 _get_daylight 11 API calls 15315->15317 15316->15299 15318 7ff7e71ea7e6 15317->15318 15319 7ff7e71ea804 FlsSetValue 15318->15319 15320 7ff7e71ea7f4 FlsSetValue 15318->15320 15321 7ff7e71ea822 15319->15321 15322 7ff7e71ea810 FlsSetValue 15319->15322 15323 7ff7e71ea7fd 15320->15323 15324 7ff7e71ea2f4 _get_daylight 11 API calls 15321->15324 15322->15323 15325 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15323->15325 15326 7ff7e71ea82a 15324->15326 15325->15316 15327 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15326->15327 15327->15316 15329 7ff7e71e9a4e _wfindfirst32i64 __scrt_get_show_window_mode 15328->15329 15330 7ff7e71e9a76 RtlCaptureContext RtlLookupFunctionEntry 15329->15330 15331 7ff7e71e9ae6 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15330->15331 15332 7ff7e71e9ab0 RtlVirtualUnwind 15330->15332 15333 7ff7e71e9b38 _wfindfirst32i64 15331->15333 15332->15331 15334 7ff7e71dacd0 _wfindfirst32i64 8 API calls 15333->15334 15335 7ff7e71e9b57 GetCurrentProcess TerminateProcess 15334->15335 15337 7ff7e71e27e5 15336->15337 15338 7ff7e71e2772 15336->15338 15339 7ff7e71e283f 15337->15339 15340 7ff7e71e27ea 15337->15340 15341 7ff7e71e280f 15338->15341 15342 7ff7e71e2778 15338->15342 15339->15341 15353 7ff7e71e284e 15339->15353 15360 7ff7e71e27a8 15339->15360 15343 7ff7e71e281f 15340->15343 15344 7ff7e71e27ec 15340->15344 15419 7ff7e71e0ce0 15341->15419 15349 7ff7e71e277d 15342->15349 15342->15353 15426 7ff7e71e08d0 
15343->15426 15345 7ff7e71e278d 15344->15345 15352 7ff7e71e27fb 15344->15352 15361 7ff7e71e287d 15345->15361 15401 7ff7e71e3094 15345->15401 15349->15345 15351 7ff7e71e27c0 15349->15351 15349->15360 15351->15361 15411 7ff7e71e3550 15351->15411 15352->15341 15354 7ff7e71e2800 15352->15354 15353->15361 15433 7ff7e71e10f0 15353->15433 15354->15361 15415 7ff7e71e36e8 15354->15415 15356 7ff7e71dacd0 _wfindfirst32i64 8 API calls 15358 7ff7e71e2b13 15356->15358 15358->15294 15360->15361 15440 7ff7e71ed930 15360->15440 15361->15356 15363 7ff7e71e2403 15362->15363 15364 7ff7e71e2419 15362->15364 15365 7ff7e71e2457 15363->15365 15367 7ff7e71e27e5 15363->15367 15368 7ff7e71e2772 15363->15368 15364->15365 15366 7ff7e71e9c14 _invalid_parameter_noinfo 37 API calls 15364->15366 15365->15294 15366->15365 15369 7ff7e71e283f 15367->15369 15370 7ff7e71e27ea 15367->15370 15371 7ff7e71e280f 15368->15371 15372 7ff7e71e2778 15368->15372 15369->15371 15381 7ff7e71e284e 15369->15381 15391 7ff7e71e27a8 15369->15391 15373 7ff7e71e281f 15370->15373 15374 7ff7e71e27ec 15370->15374 15376 7ff7e71e0ce0 38 API calls 15371->15376 15379 7ff7e71e277d 15372->15379 15372->15381 15377 7ff7e71e08d0 38 API calls 15373->15377 15375 7ff7e71e278d 15374->15375 15383 7ff7e71e27fb 15374->15383 15378 7ff7e71e3094 47 API calls 15375->15378 15389 7ff7e71e287d 15375->15389 15376->15391 15377->15391 15378->15391 15379->15375 15380 7ff7e71e27c0 15379->15380 15379->15391 15384 7ff7e71e3550 47 API calls 15380->15384 15380->15389 15382 7ff7e71e10f0 38 API calls 15381->15382 15381->15389 15382->15391 15383->15371 15385 7ff7e71e2800 15383->15385 15384->15391 15387 7ff7e71e36e8 37 API calls 15385->15387 15385->15389 15386 7ff7e71dacd0 _wfindfirst32i64 8 API calls 15388 7ff7e71e2b13 15386->15388 15387->15391 15388->15294 15389->15386 15390 7ff7e71ed930 47 API calls 15390->15391 15391->15389 15391->15390 15591 7ff7e71dfea4 15392->15591 15396 7ff7e71e3967 15395->15396 15608 7ff7e71eca90 15396->15608 15402 7ff7e71e30b6 
15401->15402 15450 7ff7e71dfd10 15402->15450 15407 7ff7e71e3950 45 API calls 15408 7ff7e71e31f3 15407->15408 15409 7ff7e71e3950 45 API calls 15408->15409 15410 7ff7e71e327c 15408->15410 15409->15410 15410->15360 15412 7ff7e71e3568 15411->15412 15414 7ff7e71e35d0 15411->15414 15413 7ff7e71ed930 47 API calls 15412->15413 15412->15414 15413->15414 15414->15360 15416 7ff7e71e3709 15415->15416 15417 7ff7e71e9c14 _invalid_parameter_noinfo 37 API calls 15416->15417 15418 7ff7e71e373a 15416->15418 15417->15418 15418->15360 15420 7ff7e71e0d13 15419->15420 15421 7ff7e71e0d42 15420->15421 15424 7ff7e71e0dff 15420->15424 15422 7ff7e71e0d7f 15421->15422 15423 7ff7e71dfd10 12 API calls 15421->15423 15422->15360 15423->15422 15425 7ff7e71e9c14 _invalid_parameter_noinfo 37 API calls 15424->15425 15425->15422 15427 7ff7e71e0903 15426->15427 15428 7ff7e71e0932 15427->15428 15430 7ff7e71e09ef 15427->15430 15429 7ff7e71dfd10 12 API calls 15428->15429 15432 7ff7e71e096f 15428->15432 15429->15432 15431 7ff7e71e9c14 _invalid_parameter_noinfo 37 API calls 15430->15431 15431->15432 15432->15360 15434 7ff7e71e1123 15433->15434 15435 7ff7e71e1152 15434->15435 15437 7ff7e71e120f 15434->15437 15436 7ff7e71dfd10 12 API calls 15435->15436 15439 7ff7e71e118f 15435->15439 15436->15439 15438 7ff7e71e9c14 _invalid_parameter_noinfo 37 API calls 15437->15438 15438->15439 15439->15360 15441 7ff7e71ed958 15440->15441 15442 7ff7e71ed99d 15441->15442 15443 7ff7e71e3950 45 API calls 15441->15443 15445 7ff7e71ed986 __scrt_get_show_window_mode 15441->15445 15446 7ff7e71ed95d __scrt_get_show_window_mode 15441->15446 15442->15445 15442->15446 15588 7ff7e71eefe8 15442->15588 15443->15442 15444 7ff7e71e9c14 _invalid_parameter_noinfo 37 API calls 15444->15446 15445->15444 15445->15446 15446->15360 15451 7ff7e71dfd47 15450->15451 15452 7ff7e71dfd36 15450->15452 15451->15452 15453 7ff7e71ec9fc _fread_nolock 12 API calls 15451->15453 15458 7ff7e71ed648 15452->15458 15454 7ff7e71dfd74 15453->15454 15455 7ff7e71dfd88 
15454->15455 15456 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15454->15456 15457 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15455->15457 15456->15455 15457->15452 15459 7ff7e71ed665 15458->15459 15460 7ff7e71ed698 15458->15460 15461 7ff7e71e9c14 _invalid_parameter_noinfo 37 API calls 15459->15461 15460->15459 15462 7ff7e71ed6ca 15460->15462 15473 7ff7e71e31d1 15461->15473 15468 7ff7e71ed7dd 15462->15468 15475 7ff7e71ed712 15462->15475 15463 7ff7e71ed8cf 15513 7ff7e71ecb34 15463->15513 15465 7ff7e71ed895 15506 7ff7e71ececc 15465->15506 15467 7ff7e71ed864 15499 7ff7e71ed1ac 15467->15499 15468->15463 15468->15465 15468->15467 15469 7ff7e71ed827 15468->15469 15471 7ff7e71ed81d 15468->15471 15489 7ff7e71ed3dc 15469->15489 15471->15465 15474 7ff7e71ed822 15471->15474 15473->15407 15473->15408 15474->15467 15474->15469 15475->15473 15480 7ff7e71e90dc 15475->15480 15478 7ff7e71e9d00 _wfindfirst32i64 17 API calls 15479 7ff7e71ed92c 15478->15479 15481 7ff7e71e90f3 15480->15481 15482 7ff7e71e90e9 15480->15482 15483 7ff7e71e4374 _get_daylight 11 API calls 15481->15483 15482->15481 15487 7ff7e71e910e 15482->15487 15484 7ff7e71e90fa 15483->15484 15522 7ff7e71e9ce0 15484->15522 15486 7ff7e71e9106 15486->15473 15486->15478 15487->15486 15488 7ff7e71e4374 _get_daylight 11 API calls 15487->15488 15488->15484 15524 7ff7e71f30fc 15489->15524 15493 7ff7e71ed484 15494 7ff7e71ed488 15493->15494 15495 7ff7e71ed4d9 15493->15495 15496 7ff7e71ed4a4 15493->15496 15494->15473 15577 7ff7e71ecfc8 15495->15577 15573 7ff7e71ed284 15496->15573 15500 7ff7e71f30fc 38 API calls 15499->15500 15501 7ff7e71ed1f6 15500->15501 15502 7ff7e71f2b44 37 API calls 15501->15502 15503 7ff7e71ed246 15502->15503 15504 7ff7e71ed24a 15503->15504 15505 7ff7e71ed284 45 API calls 15503->15505 15504->15473 15505->15504 15507 7ff7e71f30fc 38 API calls 15506->15507 15508 7ff7e71ecf17 15507->15508 15509 7ff7e71f2b44 37 API calls 15508->15509 15510 7ff7e71ecf6f 
15509->15510 15511 7ff7e71ecf73 15510->15511 15512 7ff7e71ecfc8 45 API calls 15510->15512 15511->15473 15512->15511 15514 7ff7e71ecbac 15513->15514 15515 7ff7e71ecb79 15513->15515 15516 7ff7e71ecbc4 15514->15516 15520 7ff7e71ecc45 15514->15520 15517 7ff7e71e9c14 _invalid_parameter_noinfo 37 API calls 15515->15517 15518 7ff7e71ececc 46 API calls 15516->15518 15519 7ff7e71ecba5 __scrt_get_show_window_mode 15517->15519 15518->15519 15519->15473 15520->15519 15521 7ff7e71e3950 45 API calls 15520->15521 15521->15519 15523 7ff7e71e9b78 _invalid_parameter_noinfo 37 API calls 15522->15523 15525 7ff7e71f314f fegetenv 15524->15525 15526 7ff7e71f705c 37 API calls 15525->15526 15529 7ff7e71f31a2 15526->15529 15527 7ff7e71f31cf 15531 7ff7e71e90dc __std_exception_copy 37 API calls 15527->15531 15528 7ff7e71f3292 15530 7ff7e71f705c 37 API calls 15528->15530 15529->15528 15535 7ff7e71f326c 15529->15535 15536 7ff7e71f31bd 15529->15536 15532 7ff7e71f32bc 15530->15532 15534 7ff7e71f324d 15531->15534 15533 7ff7e71f705c 37 API calls 15532->15533 15537 7ff7e71f32cd 15533->15537 15538 7ff7e71f4374 15534->15538 15543 7ff7e71f3255 15534->15543 15539 7ff7e71e90dc __std_exception_copy 37 API calls 15535->15539 15536->15527 15536->15528 15540 7ff7e71f7250 20 API calls 15537->15540 15541 7ff7e71e9d00 _wfindfirst32i64 17 API calls 15538->15541 15539->15534 15551 7ff7e71f3336 __scrt_get_show_window_mode 15540->15551 15542 7ff7e71f4389 15541->15542 15544 7ff7e71dacd0 _wfindfirst32i64 8 API calls 15543->15544 15545 7ff7e71ed429 15544->15545 15569 7ff7e71f2b44 15545->15569 15546 7ff7e71f36df __scrt_get_show_window_mode 15547 7ff7e71f3a1f 15548 7ff7e71f2c60 37 API calls 15547->15548 15556 7ff7e71f4137 15548->15556 15549 7ff7e71f39cb 15549->15547 15552 7ff7e71f438c memcpy_s 37 API calls 15549->15552 15550 7ff7e71f3377 memcpy_s 15558 7ff7e71f37d3 memcpy_s __scrt_get_show_window_mode 15550->15558 15560 7ff7e71f3cbb memcpy_s __scrt_get_show_window_mode 15550->15560 15551->15546 15551->15550 15554 
7ff7e71e4374 _get_daylight 11 API calls 15551->15554 15552->15547 15553 7ff7e71f4192 15559 7ff7e71f4318 15553->15559 15565 7ff7e71f2c60 37 API calls 15553->15565 15567 7ff7e71f438c memcpy_s 37 API calls 15553->15567 15555 7ff7e71f37b0 15554->15555 15557 7ff7e71e9ce0 _invalid_parameter_noinfo 37 API calls 15555->15557 15556->15553 15561 7ff7e71f438c memcpy_s 37 API calls 15556->15561 15557->15550 15558->15549 15564 7ff7e71e4374 11 API calls _get_daylight 15558->15564 15566 7ff7e71e9ce0 37 API calls _invalid_parameter_noinfo 15558->15566 15563 7ff7e71f705c 37 API calls 15559->15563 15560->15547 15560->15549 15562 7ff7e71e4374 11 API calls _get_daylight 15560->15562 15568 7ff7e71e9ce0 37 API calls _invalid_parameter_noinfo 15560->15568 15561->15553 15562->15560 15563->15543 15564->15558 15565->15553 15566->15558 15567->15553 15568->15560 15570 7ff7e71f2b63 15569->15570 15571 7ff7e71e9c14 _invalid_parameter_noinfo 37 API calls 15570->15571 15572 7ff7e71f2b8e memcpy_s 15570->15572 15571->15572 15572->15493 15574 7ff7e71ed2b0 memcpy_s 15573->15574 15575 7ff7e71e3950 45 API calls 15574->15575 15576 7ff7e71ed36a memcpy_s __scrt_get_show_window_mode 15574->15576 15575->15576 15576->15494 15578 7ff7e71ed003 15577->15578 15582 7ff7e71ed050 memcpy_s 15577->15582 15579 7ff7e71e9c14 _invalid_parameter_noinfo 37 API calls 15578->15579 15580 7ff7e71ed02f 15579->15580 15580->15494 15581 7ff7e71ed0bb 15583 7ff7e71e90dc __std_exception_copy 37 API calls 15581->15583 15582->15581 15584 7ff7e71e3950 45 API calls 15582->15584 15587 7ff7e71ed0fd memcpy_s 15583->15587 15584->15581 15585 7ff7e71e9d00 _wfindfirst32i64 17 API calls 15586 7ff7e71ed1a8 15585->15586 15587->15585 15589 7ff7e71ef00c WideCharToMultiByte 15588->15589 15592 7ff7e71dfee3 15591->15592 15593 7ff7e71dfed1 15591->15593 15596 7ff7e71dfef0 15592->15596 15599 7ff7e71dff2d 15592->15599 15594 7ff7e71e4374 _get_daylight 11 API calls 15593->15594 15595 7ff7e71dfed6 15594->15595 15597 7ff7e71e9ce0 _invalid_parameter_noinfo 37 
API calls 15595->15597 15598 7ff7e71e9c14 _invalid_parameter_noinfo 37 API calls 15596->15598 15604 7ff7e71dfee1 15597->15604 15598->15604 15600 7ff7e71dffd6 15599->15600 15601 7ff7e71e4374 _get_daylight 11 API calls 15599->15601 15602 7ff7e71e4374 _get_daylight 11 API calls 15600->15602 15600->15604 15605 7ff7e71dffcb 15601->15605 15603 7ff7e71e0080 15602->15603 15606 7ff7e71e9ce0 _invalid_parameter_noinfo 37 API calls 15603->15606 15604->15294 15607 7ff7e71e9ce0 _invalid_parameter_noinfo 37 API calls 15605->15607 15606->15604 15607->15600 15609 7ff7e71e398f 15608->15609 15610 7ff7e71ecaa9 15608->15610 15612 7ff7e71ecafc 15609->15612 15610->15609 15616 7ff7e71f2354 15610->15616 15613 7ff7e71ecb15 15612->15613 15614 7ff7e71e399f 15612->15614 15613->15614 15660 7ff7e71f16c0 15613->15660 15614->15294 15628 7ff7e71ea550 GetLastError 15616->15628 15619 7ff7e71f23ae 15619->15609 15629 7ff7e71ea574 FlsGetValue 15628->15629 15630 7ff7e71ea591 FlsSetValue 15628->15630 15631 7ff7e71ea581 15629->15631 15632 7ff7e71ea58b 15629->15632 15630->15631 15633 7ff7e71ea5a3 15630->15633 15634 7ff7e71ea5fd SetLastError 15631->15634 15632->15630 15635 7ff7e71edc70 _get_daylight 11 API calls 15633->15635 15637 7ff7e71ea61d 15634->15637 15638 7ff7e71ea60a 15634->15638 15636 7ff7e71ea5b2 15635->15636 15639 7ff7e71ea5d0 FlsSetValue 15636->15639 15640 7ff7e71ea5c0 FlsSetValue 15636->15640 15651 7ff7e71e913c 15637->15651 15638->15619 15650 7ff7e71ef6b8 EnterCriticalSection 15638->15650 15643 7ff7e71ea5ee 15639->15643 15644 7ff7e71ea5dc FlsSetValue 15639->15644 15642 7ff7e71ea5c9 15640->15642 15646 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15642->15646 15647 7ff7e71ea2f4 _get_daylight 11 API calls 15643->15647 15644->15642 15646->15631 15648 7ff7e71ea5f6 15647->15648 15649 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15648->15649 15649->15634 15652 7ff7e71f26a0 __GetCurrentState EnterCriticalSection LeaveCriticalSection 
15651->15652 15653 7ff7e71e9145 15652->15653 15654 7ff7e71e9154 15653->15654 15655 7ff7e71f26f0 __GetCurrentState 44 API calls 15653->15655 15656 7ff7e71e915d IsProcessorFeaturePresent 15654->15656 15657 7ff7e71e9187 __GetCurrentState 15654->15657 15655->15654 15658 7ff7e71e916c 15656->15658 15659 7ff7e71e9a14 _wfindfirst32i64 14 API calls 15658->15659 15659->15657 15661 7ff7e71ea550 __GetCurrentState 45 API calls 15660->15661 15662 7ff7e71f16c9 15661->15662 15670 7ff7e71e421c EnterCriticalSection 15663->15670 15672 7ff7e71d24ec 15671->15672 15673 7ff7e71e3b14 49 API calls 15672->15673 15674 7ff7e71d253f 15673->15674 15675 7ff7e71e4374 _get_daylight 11 API calls 15674->15675 15676 7ff7e71d2544 15675->15676 15690 7ff7e71e4394 15676->15690 15679 7ff7e71d1b30 49 API calls 15680 7ff7e71d2573 __scrt_get_show_window_mode 15679->15680 15681 7ff7e71d79a0 57 API calls 15680->15681 15682 7ff7e71d25a0 15681->15682 15683 7ff7e71d25a5 15682->15683 15684 7ff7e71d25df MessageBoxA 15682->15684 15685 7ff7e71d79a0 57 API calls 15683->15685 15686 7ff7e71d25f9 15684->15686 15687 7ff7e71d25bf MessageBoxW 15685->15687 15688 7ff7e71dacd0 _wfindfirst32i64 8 API calls 15686->15688 15687->15686 15689 7ff7e71d2609 15688->15689 15689->14902 15691 7ff7e71ea6c8 _get_daylight 11 API calls 15690->15691 15692 7ff7e71e43ab 15691->15692 15693 7ff7e71d254b 15692->15693 15694 7ff7e71edc70 _get_daylight 11 API calls 15692->15694 15697 7ff7e71e43eb 15692->15697 15693->15679 15695 7ff7e71e43e0 15694->15695 15696 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15695->15696 15696->15697 15697->15693 15702 7ff7e71ee348 15697->15702 15700 7ff7e71e9d00 _wfindfirst32i64 17 API calls 15701 7ff7e71e4430 15700->15701 15706 7ff7e71ee365 15702->15706 15703 7ff7e71ee36a 15704 7ff7e71e4411 15703->15704 15705 7ff7e71e4374 _get_daylight 11 API calls 15703->15705 15704->15693 15704->15700 15707 7ff7e71ee374 15705->15707 15706->15703 15706->15704 15709 7ff7e71ee3b4 15706->15709 15708 
7ff7e71e9ce0 _invalid_parameter_noinfo 37 API calls 15707->15708 15708->15704 15709->15704 15710 7ff7e71e4374 _get_daylight 11 API calls 15709->15710 15710->15707 15712 7ff7e71d7ad4 WideCharToMultiByte 15711->15712 15713 7ff7e71d7b42 WideCharToMultiByte 15711->15713 15714 7ff7e71d7afe 15712->15714 15718 7ff7e71d7b15 15712->15718 15715 7ff7e71d7b6f 15713->15715 15719 7ff7e71d3be5 15713->15719 15716 7ff7e71d2620 57 API calls 15714->15716 15717 7ff7e71d2620 57 API calls 15715->15717 15716->15719 15717->15719 15718->15713 15720 7ff7e71d7b2b 15718->15720 15719->14911 15719->14914 15721 7ff7e71d2620 57 API calls 15720->15721 15721->15719 15723 7ff7e71e9053 15722->15723 15726 7ff7e71d69ee 15722->15726 15724 7ff7e71e90dc __std_exception_copy 37 API calls 15723->15724 15723->15726 15725 7ff7e71e9080 15724->15725 15725->15726 15727 7ff7e71e9d00 _wfindfirst32i64 17 API calls 15725->15727 15726->14932 15728 7ff7e71e90b0 15727->15728 15730 7ff7e71d17d4 15729->15730 15731 7ff7e71d17e4 15729->15731 15732 7ff7e71d3c90 116 API calls 15730->15732 15733 7ff7e71d7170 83 API calls 15731->15733 15759 7ff7e71d1842 15731->15759 15732->15731 15734 7ff7e71d1815 15733->15734 15734->15759 15763 7ff7e71df864 15734->15763 15736 7ff7e71dacd0 _wfindfirst32i64 8 API calls 15738 7ff7e71d19c0 15736->15738 15737 7ff7e71d182b 15739 7ff7e71d182f 15737->15739 15740 7ff7e71d184c 15737->15740 15738->14947 15738->14948 15741 7ff7e71d24d0 59 API calls 15739->15741 15767 7ff7e71df52c 15740->15767 15741->15759 15744 7ff7e71d1867 15746 7ff7e71d24d0 59 API calls 15744->15746 15745 7ff7e71df864 73 API calls 15747 7ff7e71d18d1 15745->15747 15746->15759 15748 7ff7e71d18e3 15747->15748 15749 7ff7e71d18fe 15747->15749 15750 7ff7e71d24d0 59 API calls 15748->15750 15751 7ff7e71df52c _fread_nolock 53 API calls 15749->15751 15750->15759 15752 7ff7e71d1913 15751->15752 15752->15744 15753 7ff7e71d1925 15752->15753 15770 7ff7e71df2a0 15753->15770 15756 7ff7e71d193d 15757 7ff7e71d2770 59 API calls 15756->15757 15757->15759 
15758 7ff7e71d1950 15760 7ff7e71d1993 15758->15760 15762 7ff7e71d2770 59 API calls 15758->15762 15759->15736 15760->15759 15761 7ff7e71df1dc 74 API calls 15760->15761 15761->15759 15762->15760 15764 7ff7e71df894 15763->15764 15776 7ff7e71df5f4 15764->15776 15766 7ff7e71df8ad 15766->15737 15788 7ff7e71df54c 15767->15788 15771 7ff7e71d1939 15770->15771 15772 7ff7e71df2a9 15770->15772 15771->15756 15771->15758 15773 7ff7e71e4374 _get_daylight 11 API calls 15772->15773 15774 7ff7e71df2ae 15773->15774 15775 7ff7e71e9ce0 _invalid_parameter_noinfo 37 API calls 15774->15775 15775->15771 15777 7ff7e71df65e 15776->15777 15778 7ff7e71df61e 15776->15778 15777->15778 15779 7ff7e71df66a 15777->15779 15780 7ff7e71e9c14 _invalid_parameter_noinfo 37 API calls 15778->15780 15787 7ff7e71e421c EnterCriticalSection 15779->15787 15782 7ff7e71df645 15780->15782 15782->15766 15789 7ff7e71df576 15788->15789 15800 7ff7e71d1861 15788->15800 15790 7ff7e71df585 __scrt_get_show_window_mode 15789->15790 15791 7ff7e71df5c2 15789->15791 15789->15800 15793 7ff7e71e4374 _get_daylight 11 API calls 15790->15793 15801 7ff7e71e421c EnterCriticalSection 15791->15801 15795 7ff7e71df59a 15793->15795 15798 7ff7e71e9ce0 _invalid_parameter_noinfo 37 API calls 15795->15798 15798->15800 15800->15744 15800->15745 15894 7ff7e71d6700 15802->15894 15804 7ff7e71d1454 15805 7ff7e71d1459 15804->15805 15903 7ff7e71d6a20 15804->15903 15805->14974 15808 7ff7e71d14a7 15811 7ff7e71d14e0 15808->15811 15814 7ff7e71d3c90 116 API calls 15808->15814 15809 7ff7e71d1487 15810 7ff7e71d24d0 59 API calls 15809->15810 15813 7ff7e71d149d 15810->15813 15812 7ff7e71df864 73 API calls 15811->15812 15816 7ff7e71d14f2 15812->15816 15813->14974 15815 7ff7e71d14bf 15814->15815 15815->15811 15817 7ff7e71d14c7 15815->15817 15818 7ff7e71d1516 15816->15818 15819 7ff7e71d14f6 15816->15819 15820 7ff7e71d2770 59 API calls 15817->15820 15822 7ff7e71d1534 15818->15822 15823 7ff7e71d151c 15818->15823 15821 7ff7e71d24d0 59 API calls 15819->15821 15830 
7ff7e71d14d6 __vcrt_freefls 15820->15830 15821->15830 15825 7ff7e71d1556 15822->15825 15835 7ff7e71d1575 15822->15835 15923 7ff7e71d1050 15823->15923 15827 7ff7e71d24d0 59 API calls 15825->15827 15826 7ff7e71d1624 15829 7ff7e71df1dc 74 API calls 15826->15829 15827->15830 15828 7ff7e71df1dc 74 API calls 15828->15826 15829->15813 15830->15826 15830->15828 15831 7ff7e71df52c _fread_nolock 53 API calls 15831->15835 15832 7ff7e71d15d5 15834 7ff7e71d24d0 59 API calls 15832->15834 15834->15830 15835->15830 15835->15831 15835->15832 15941 7ff7e71dfc6c 15835->15941 15837 7ff7e71d29a6 15836->15837 15838 7ff7e71d1b30 49 API calls 15837->15838 15840 7ff7e71d29db 15838->15840 15839 7ff7e71d2dc9 15840->15839 15841 7ff7e71d3b00 49 API calls 15840->15841 15842 7ff7e71d2a57 15841->15842 16520 7ff7e71d2ff0 15842->16520 15845 7ff7e71d2ae7 15847 7ff7e71d6700 98 API calls 15845->15847 15846 7ff7e71d2ff0 75 API calls 15848 7ff7e71d2ae3 15846->15848 15849 7ff7e71d2aef 15847->15849 15848->15845 15850 7ff7e71d2b55 15848->15850 15854 7ff7e71d2b0c 15849->15854 16528 7ff7e71d65e0 15849->16528 15851 7ff7e71d2ff0 75 API calls 15850->15851 15853 7ff7e71d2b7e 15851->15853 15857 7ff7e71d2ff0 75 API calls 15853->15857 15864 7ff7e71d2bd8 15853->15864 15855 7ff7e71d2770 59 API calls 15854->15855 15856 7ff7e71d2b26 15854->15856 15855->15856 15859 7ff7e71dacd0 _wfindfirst32i64 8 API calls 15856->15859 15860 7ff7e71d2bab 15857->15860 15858 7ff7e71d6700 98 API calls 15865 7ff7e71d2be8 15858->15865 15861 7ff7e71d2b4a 15859->15861 15862 7ff7e71d2ff0 75 API calls 15860->15862 15860->15864 15861->14974 15862->15864 15863 7ff7e71d1af0 59 API calls 15864->15854 15864->15858 15865->15854 15865->15863 15867 7ff7e71d2d06 15865->15867 15867->15854 15891 7ff7e71d17a1 15890->15891 15892 7ff7e71d1795 15890->15892 15891->14974 15893 7ff7e71d2770 59 API calls 15892->15893 15893->15891 15895 7ff7e71d6748 15894->15895 15896 7ff7e71d6712 15894->15896 15895->15804 15945 7ff7e71d16d0 15896->15945 15904 7ff7e71d6a30 
15903->15904 15905 7ff7e71d1b30 49 API calls 15904->15905 15906 7ff7e71d6a61 15905->15906 15907 7ff7e71d6be9 15906->15907 15908 7ff7e71d1b30 49 API calls 15906->15908 15909 7ff7e71dacd0 _wfindfirst32i64 8 API calls 15907->15909 15911 7ff7e71d6a88 15908->15911 15910 7ff7e71d147f 15909->15910 15910->15808 15910->15809 15911->15907 16470 7ff7e71e5018 15911->16470 15913 7ff7e71d6b99 15914 7ff7e71d79a0 57 API calls 15913->15914 15915 7ff7e71d6bb1 15914->15915 15916 7ff7e71d6bd8 15915->15916 16479 7ff7e71d2880 15915->16479 15918 7ff7e71d3c90 116 API calls 15916->15918 15918->15907 15919 7ff7e71d6abd 15919->15907 15919->15913 15920 7ff7e71e5018 49 API calls 15919->15920 15921 7ff7e71d79a0 57 API calls 15919->15921 15922 7ff7e71d7810 58 API calls 15919->15922 15920->15919 15921->15919 15922->15919 15924 7ff7e71d10a6 15923->15924 15925 7ff7e71d10d3 15924->15925 15926 7ff7e71d10ad 15924->15926 15929 7ff7e71d10ed 15925->15929 15930 7ff7e71d1109 15925->15930 15927 7ff7e71d2770 59 API calls 15926->15927 15928 7ff7e71d10c0 15927->15928 15928->15830 15931 7ff7e71d24d0 59 API calls 15929->15931 15932 7ff7e71d111b 15930->15932 15936 7ff7e71d1137 memcpy_s 15930->15936 15935 7ff7e71d1104 __vcrt_freefls 15931->15935 15933 7ff7e71d24d0 59 API calls 15932->15933 15933->15935 15934 7ff7e71df52c _fread_nolock 53 API calls 15934->15936 15935->15830 15936->15934 15936->15935 15937 7ff7e71d11fe 15936->15937 15939 7ff7e71dfc6c 76 API calls 15936->15939 15940 7ff7e71df2a0 37 API calls 15936->15940 15939->15936 15940->15936 15942 7ff7e71dfc9c 15941->15942 16505 7ff7e71df9bc 15942->16505 15947 7ff7e71d16f5 15945->15947 15946 7ff7e71d1738 15949 7ff7e71d6760 15946->15949 15947->15946 15948 7ff7e71d2770 59 API calls 15947->15948 15948->15946 15950 7ff7e71d6778 15949->15950 15951 7ff7e71d67eb 15950->15951 15952 7ff7e71d6798 15950->15952 15953 7ff7e71d67f0 GetTempPathW 15951->15953 15954 7ff7e71d6970 61 API calls 15952->15954 15955 7ff7e71d6805 15953->15955 15956 7ff7e71d67a4 15954->15956 15989 
7ff7e71d2470 15955->15989 16013 7ff7e71d6460 15956->16013 15961 7ff7e71dacd0 _wfindfirst32i64 8 API calls 15964 7ff7e71d672d 15961->15964 15964->15895 15967 7ff7e71d68c6 15970 7ff7e71d7ab0 59 API calls 15967->15970 15968 7ff7e71d681e __vcrt_freefls 15968->15967 15972 7ff7e71d6851 15968->15972 15993 7ff7e71e729c 15968->15993 15996 7ff7e71d7810 15968->15996 15974 7ff7e71d79a0 57 API calls 15972->15974 15983 7ff7e71d688a __vcrt_freefls 15972->15983 15983->15961 15990 7ff7e71d2495 15989->15990 16047 7ff7e71e3d68 15990->16047 16014 7ff7e71d646c 16013->16014 16015 7ff7e71d79a0 57 API calls 16014->16015 16016 7ff7e71d648e 16015->16016 16017 7ff7e71d6496 16016->16017 16018 7ff7e71d64a9 ExpandEnvironmentStringsW 16016->16018 16019 7ff7e71d2770 59 API calls 16017->16019 16020 7ff7e71d64cf __vcrt_freefls 16018->16020 16021 7ff7e71d64a2 16019->16021 16022 7ff7e71d64d3 16020->16022 16023 7ff7e71d64e6 16020->16023 16024 7ff7e71dacd0 _wfindfirst32i64 8 API calls 16021->16024 16025 7ff7e71d2770 59 API calls 16022->16025 16027 7ff7e71d64f4 16023->16027 16028 7ff7e71d6500 16023->16028 16026 7ff7e71d65c8 16024->16026 16025->16021 16026->15983 16037 7ff7e71e65e4 16026->16037 16354 7ff7e71e5e74 16027->16354 16361 7ff7e71e5278 16028->16361 16031 7ff7e71d64fe 16032 7ff7e71d651a 16031->16032 16035 7ff7e71d652d __scrt_get_show_window_mode 16031->16035 16038 7ff7e71e6604 16037->16038 16039 7ff7e71e65f1 16037->16039 16462 7ff7e71e6268 16038->16462 16041 7ff7e71e4374 _get_daylight 11 API calls 16039->16041 16049 7ff7e71e3dc2 16047->16049 16048 7ff7e71e3de7 16050 7ff7e71e9c14 _invalid_parameter_noinfo 37 API calls 16048->16050 16049->16048 16051 7ff7e71e3e23 16049->16051 16054 7ff7e71e3e11 16050->16054 16065 7ff7e71e2120 16051->16065 16053 7ff7e71e3f04 16056 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16053->16056 16055 7ff7e71dacd0 _wfindfirst32i64 8 API calls 16054->16055 16058 7ff7e71d24b4 16055->16058 16056->16054 16058->15968 16059 7ff7e71e3f2a 16059->16053 
18575->18584 18596 7ff7e71f1aac GetEnvironmentStringsW 18576->18596 18579 7ff7e71e7fc6 18603 7ff7e71e8114 18579->18603 18580 7ff7e71e7fba 18581 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18580->18581 18581->18584 18584->18241 18588 7ff7e71e8354 18584->18588 18585 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18586 7ff7e71e7fed 18585->18586 18587 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18586->18587 18587->18584 18589 7ff7e71e8377 18588->18589 18594 7ff7e71e838e 18588->18594 18589->18241 18590 7ff7e71ee720 MultiByteToWideChar _fread_nolock 18590->18594 18591 7ff7e71edc70 _get_daylight 11 API calls 18591->18594 18592 7ff7e71e8402 18593 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18592->18593 18593->18589 18594->18589 18594->18590 18594->18591 18594->18592 18595 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18594->18595 18595->18594 18597 7ff7e71e7fb2 18596->18597 18598 7ff7e71f1ad0 18596->18598 18597->18579 18597->18580 18599 7ff7e71ec9fc _fread_nolock 12 API calls 18598->18599 18601 7ff7e71f1b07 memcpy_s 18599->18601 18600 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18602 7ff7e71f1b27 FreeEnvironmentStringsW 18600->18602 18601->18600 18602->18597 18604 7ff7e71e813c 18603->18604 18605 7ff7e71edc70 _get_daylight 11 API calls 18604->18605 18615 7ff7e71e8177 18605->18615 18606 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18608 7ff7e71e7fce 18606->18608 18607 7ff7e71e81f9 18609 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18607->18609 18608->18585 18609->18608 18610 7ff7e71edc70 _get_daylight 11 API calls 18610->18615 18611 7ff7e71e81e8 18613 7ff7e71e8230 11 API calls 18611->18613 18612 7ff7e71ef854 _wfindfirst32i64 37 API calls 18612->18615 18614 7ff7e71e81f0 18613->18614 18617 7ff7e71e9d48 
Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18614->18617 18615->18607 18615->18610 18615->18611 18615->18612 18616 7ff7e71e821c 18615->18616 18618 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18615->18618 18619 7ff7e71e817f 18615->18619 18620 7ff7e71e9d00 _wfindfirst32i64 17 API calls 18616->18620 18617->18619 18618->18615 18619->18606 18621 7ff7e71e822e 18620->18621 18623 7ff7e71f7e9d __crtLCMapStringW 18622->18623 18624 7ff7e71f639e 18623->18624 18625 7ff7e71edf40 6 API calls 18623->18625 18624->18265 18624->18268 18625->18624 18626 7ff7e71dad50 18627 7ff7e71dad60 18626->18627 18643 7ff7e71e56cc 18627->18643 18629 7ff7e71dad6c 18649 7ff7e71db2f8 18629->18649 18631 7ff7e71db5dc 7 API calls 18632 7ff7e71dae05 18631->18632 18633 7ff7e71dad84 _RTC_Initialize 18641 7ff7e71dadd9 18633->18641 18654 7ff7e71db4a8 18633->18654 18635 7ff7e71dad99 18657 7ff7e71e7d9c 18635->18657 18641->18631 18642 7ff7e71dadf5 18641->18642 18644 7ff7e71e56dd 18643->18644 18645 7ff7e71e56e5 18644->18645 18646 7ff7e71e4374 _get_daylight 11 API calls 18644->18646 18645->18629 18647 7ff7e71e56f4 18646->18647 18648 7ff7e71e9ce0 _invalid_parameter_noinfo 37 API calls 18647->18648 18648->18645 18650 7ff7e71db309 18649->18650 18653 7ff7e71db30e __scrt_acquire_startup_lock 18649->18653 18651 7ff7e71db5dc 7 API calls 18650->18651 18650->18653 18652 7ff7e71db382 18651->18652 18653->18633 18682 7ff7e71db46c 18654->18682 18656 7ff7e71db4b1 18656->18635 18658 7ff7e71e7dbc 18657->18658 18680 7ff7e71dada5 18657->18680 18659 7ff7e71e7dc4 18658->18659 18660 7ff7e71e7dda GetModuleFileNameW 18658->18660 18661 7ff7e71e4374 _get_daylight 11 API calls 18659->18661 18664 7ff7e71e7e05 18660->18664 18662 7ff7e71e7dc9 18661->18662 18663 7ff7e71e9ce0 _invalid_parameter_noinfo 37 API calls 18662->18663 18663->18680 18697 7ff7e71e7d3c 18664->18697 18667 7ff7e71e7e4d 18668 7ff7e71e4374 _get_daylight 11 API calls 18667->18668 18669 7ff7e71e7e52 18668->18669 18671 7ff7e71e9d48 
Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18669->18671 18670 7ff7e71e7e87 18673 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18670->18673 18671->18680 18672 7ff7e71e7e65 18672->18670 18674 7ff7e71e7eb3 18672->18674 18675 7ff7e71e7ecc 18672->18675 18673->18680 18676 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18674->18676 18678 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18675->18678 18677 7ff7e71e7ebc 18676->18677 18679 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18677->18679 18678->18670 18679->18680 18680->18641 18681 7ff7e71db57c InitializeSListHead 18680->18681 18683 7ff7e71db486 18682->18683 18685 7ff7e71db47f 18682->18685 18686 7ff7e71e8e1c 18683->18686 18685->18656 18689 7ff7e71e8a58 18686->18689 18696 7ff7e71ef6b8 EnterCriticalSection 18689->18696 18698 7ff7e71e7d54 18697->18698 18702 7ff7e71e7d8c 18697->18702 18699 7ff7e71edc70 _get_daylight 11 API calls 18698->18699 18698->18702 18700 7ff7e71e7d82 18699->18700 18701 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18700->18701 18701->18702 18702->18667 18702->18672 19049 7ff7e71ea3d0 19050 7ff7e71ea3d5 19049->19050 19051 7ff7e71ea3ea 19049->19051 19055 7ff7e71ea3f0 19050->19055 19056 7ff7e71ea432 19055->19056 19057 7ff7e71ea43a 19055->19057 19058 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19056->19058 19059 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19057->19059 19058->19057 19060 7ff7e71ea447 19059->19060 19061 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19060->19061 19062 7ff7e71ea454 19061->19062 19063 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19062->19063 19064 7ff7e71ea461 19063->19064 19065 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19064->19065 19066 7ff7e71ea46e 19065->19066 
19067 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19066->19067 19068 7ff7e71ea47b 19067->19068 19069 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19068->19069 19070 7ff7e71ea488 19069->19070 19071 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19070->19071 19072 7ff7e71ea495 19071->19072 19073 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19072->19073 19074 7ff7e71ea4a5 19073->19074 19075 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19074->19075 19076 7ff7e71ea4b5 19075->19076 19081 7ff7e71ea294 19076->19081 19095 7ff7e71ef6b8 EnterCriticalSection 19081->19095 14652 7ff7e71d9620 14653 7ff7e71d964e 14652->14653 14654 7ff7e71d9635 14652->14654 14654->14653 14657 7ff7e71ec9fc 14654->14657 14658 7ff7e71eca47 14657->14658 14662 7ff7e71eca0b _get_daylight 14657->14662 14667 7ff7e71e4374 14658->14667 14660 7ff7e71eca2e HeapAlloc 14661 7ff7e71d96ac 14660->14661 14660->14662 14662->14658 14662->14660 14664 7ff7e71f25e0 14662->14664 14670 7ff7e71f2620 14664->14670 14676 7ff7e71ea6c8 GetLastError 14667->14676 14669 7ff7e71e437d 14669->14661 14675 7ff7e71ef6b8 EnterCriticalSection 14670->14675 14677 7ff7e71ea709 FlsSetValue 14676->14677 14681 7ff7e71ea6ec 14676->14681 14678 7ff7e71ea71b 14677->14678 14690 7ff7e71ea6f9 SetLastError 14677->14690 14693 7ff7e71edc70 14678->14693 14681->14677 14681->14690 14683 7ff7e71ea748 FlsSetValue 14686 7ff7e71ea766 14683->14686 14687 7ff7e71ea754 FlsSetValue 14683->14687 14684 7ff7e71ea738 FlsSetValue 14685 7ff7e71ea741 14684->14685 14700 7ff7e71e9d48 14685->14700 14706 7ff7e71ea2f4 14686->14706 14687->14685 14690->14669 14698 7ff7e71edc81 _get_daylight 14693->14698 14694 7ff7e71edcd2 14696 7ff7e71e4374 _get_daylight 10 API calls 14694->14696 14695 7ff7e71edcb6 HeapAlloc 14697 7ff7e71ea72a 14695->14697 14695->14698 14696->14697 14697->14683 14697->14684 14698->14694 14698->14695 14699 7ff7e71f25e0 
_get_daylight 2 API calls 14698->14699 14699->14698 14701 7ff7e71e9d7c 14700->14701 14702 7ff7e71e9d4d RtlFreeHeap 14700->14702 14701->14690 14702->14701 14703 7ff7e71e9d68 GetLastError 14702->14703 14704 7ff7e71e9d75 Concurrency::details::SchedulerProxy::DeleteThis 14703->14704 14705 7ff7e71e4374 _get_daylight 9 API calls 14704->14705 14705->14701 14711 7ff7e71ea1cc 14706->14711 14723 7ff7e71ef6b8 EnterCriticalSection 14711->14723 18720 7ff7e71f0720 18731 7ff7e71f6694 18720->18731 18732 7ff7e71f66a1 18731->18732 18733 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18732->18733 18734 7ff7e71f66bd 18732->18734 18733->18732 18735 7ff7e71e9d48 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18734->18735 18736 7ff7e71f0729 18734->18736 18735->18734 18737 7ff7e71ef6b8 EnterCriticalSection 18736->18737 18742 7ff7e71eb920 18753 7ff7e71ef6b8 EnterCriticalSection 18742->18753 18754 7ff7e71f9617 18755 7ff7e71f9626 18754->18755 18756 7ff7e71f9630 18754->18756 18758 7ff7e71ef718 LeaveCriticalSection 18755->18758 18791 7ff7e71f9582 18794 7ff7e71e4228 LeaveCriticalSection 18791->18794 18798 7ff7e71e8980 18801 7ff7e71e8900 18798->18801 18808 7ff7e71ef6b8 EnterCriticalSection 18801->18808 19155 7ff7e71f93fc 19156 7ff7e71f940c 19155->19156 19159 7ff7e71e4228 LeaveCriticalSection 19156->19159 17599 7ff7e71ee80c 17600 7ff7e71ee9fe 17599->17600 17602 7ff7e71ee84e _isindst 17599->17602 17601 7ff7e71e4374 _get_daylight 11 API calls 17600->17601 17619 7ff7e71ee9ee 17601->17619 17602->17600 17605 7ff7e71ee8ce _isindst 17602->17605 17603 7ff7e71dacd0 _wfindfirst32i64 8 API calls 17604 7ff7e71eea19 17603->17604 17620 7ff7e71f52e4 17605->17620 17610 7ff7e71eea2a 17612 7ff7e71e9d00 _wfindfirst32i64 17 API calls 17610->17612 17614 7ff7e71eea3e 17612->17614 17617 7ff7e71ee92b 17617->17619 17645 7ff7e71f5328 17617->17645 17619->17603 17621 7ff7e71f52f3 17620->17621 17622 7ff7e71ee8ec 17620->17622 17652 7ff7e71ef6b8 EnterCriticalSection 17621->17652 17627 
7ff7e71f46e8 17622->17627 17628 7ff7e71f46f1 17627->17628 17629 7ff7e71ee901 17627->17629 17630 7ff7e71e4374 _get_daylight 11 API calls 17628->17630 17629->17610 17633 7ff7e71f4718 17629->17633 17631 7ff7e71f46f6 17630->17631 17632 7ff7e71e9ce0 _invalid_parameter_noinfo 37 API calls 17631->17632 17632->17629 17634 7ff7e71f4721 17633->17634 17635 7ff7e71ee912 17633->17635 17636 7ff7e71e4374 _get_daylight 11 API calls 17634->17636 17635->17610 17639 7ff7e71f4748 17635->17639 17637 7ff7e71f4726 17636->17637 17638 7ff7e71e9ce0 _invalid_parameter_noinfo 37 API calls 17637->17638 17638->17635 17640 7ff7e71f4751 17639->17640 17641 7ff7e71ee923 17639->17641 17642 7ff7e71e4374 _get_daylight 11 API calls 17640->17642 17641->17610 17641->17617 17643 7ff7e71f4756 17642->17643 17644 7ff7e71e9ce0 _invalid_parameter_noinfo 37 API calls 17643->17644 17644->17641 17653 7ff7e71ef6b8 EnterCriticalSection 17645->17653

                                                                                                                                                                                                                                Control-flow Graph

APIs
• _get_daylight.LIBCMT ref: 00007FF7E71F4D95
  • Part of subcall function 00007FF7E71F46E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E71F46FC
  • Part of subcall function 00007FF7E71E9D48: RtlFreeHeap.NTDLL(?,?,?,00007FF7E71F1D72,?,?,?,00007FF7E71F1DAF,?,?,00000000,00007FF7E71F2275,?,?,?,00007FF7E71F21A7), ref: 00007FF7E71E9D5E
  • Part of subcall function 00007FF7E71E9D48: GetLastError.KERNEL32(?,?,?,00007FF7E71F1D72,?,?,?,00007FF7E71F1DAF,?,?,00000000,00007FF7E71F2275,?,?,?,00007FF7E71F21A7), ref: 00007FF7E71E9D68
  • Part of subcall function 00007FF7E71E9D00: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7E71E9CDF,?,?,?,?,?,00007FF7E71E211C), ref: 00007FF7E71E9D09
  • Part of subcall function 00007FF7E71E9D00: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7E71E9CDF,?,?,?,?,?,00007FF7E71E211C), ref: 00007FF7E71E9D2E
• _get_daylight.LIBCMT ref: 00007FF7E71F4D84
  • Part of subcall function 00007FF7E71F4748: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E71F475C
• _get_daylight.LIBCMT ref: 00007FF7E71F4FFA
• _get_daylight.LIBCMT ref: 00007FF7E71F500B
• _get_daylight.LIBCMT ref: 00007FF7E71F501C
• GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7E71F525C), ref: 00007FF7E71F5043
Strings
Memory Dump Source
• Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
• Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
Similarity
• API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
• String ID: Eastern Standard Time$Eastern Summer Time
• API String ID: 4070488512-239921721
• Opcode ID: 3cbab8ded4b22c9ecff02dc7d03bcb7a7c6bdc9119315e29a6b66e941e77c5ab
• Instruction ID: 65339d913b94eb0a5e10f87a0746d84686f3380d16f0c102bb8684e649c7dbf7
• Opcode Fuzzy Hash: 3cbab8ded4b22c9ecff02dc7d03bcb7a7c6bdc9119315e29a6b66e941e77c5ab
• Instruction Fuzzy Hash: DBD1CF26A0875286E728BF25E8403B9A261FFC4794F844137EF6D47686DF3CE4538762

                                                                                                                                                                                                                                Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
• Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
Similarity
• API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
• String ID:
• API String ID: 1617910340-0
• Opcode ID: 632e748b839932f5b00ec5f176d5a067dee1d4c4f3157cbf34afbb6f699b0397
• Instruction ID: 96cc182db4407940e0487c6f38c8e5f2927640bbd52c924e9c8c78a9e02ff2e4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 632e748b839932f5b00ec5f176d5a067dee1d4c4f3157cbf34afbb6f699b0397
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 48C1F536B24B4186EB14EF64D4807AC7761FB89B98B510236DF2E97394CF38D466C311

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetTempPathW.KERNEL32(?,00000000,?,00007FF7E71D672D), ref: 00007FF7E71D67FA
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D6970: GetEnvironmentVariableW.KERNEL32(00007FF7E71D36C7), ref: 00007FF7E71D69AA
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D6970: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7E71D69C7
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71E65E4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E71E65FD
                                                                                                                                                                                                                                • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF7E71D68B1
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D2770: MessageBoxW.USER32 ref: 00007FF7E71D2841
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                                                                                                • API String ID: 3752271684-1116378104
                                                                                                                                                                                                                                • Opcode ID: dd061f857628f8cce594bc41954d9e76e8095696f5180e2e17042c5623d0381d
                                                                                                                                                                                                                                • Instruction ID: 09ae2a45e22da233d4f2d3778be83b74bc8954915f471c0d8d42bd746dafbb5d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dd061f857628f8cce594bc41954d9e76e8095696f5180e2e17042c5623d0381d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8B513F11B1974341ED58BB21F9953BA92519FC5BC1FC85033EE2E8779ADD3CE4034A22

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7E71F4FFA
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71F4748: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E71F475C
                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7E71F500B
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71F46E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E71F46FC
                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7E71F501C
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71F4718: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E71F472C
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71E9D48: RtlFreeHeap.NTDLL(?,?,?,00007FF7E71F1D72,?,?,?,00007FF7E71F1DAF,?,?,00000000,00007FF7E71F2275,?,?,?,00007FF7E71F21A7), ref: 00007FF7E71E9D5E
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71E9D48: GetLastError.KERNEL32(?,?,?,00007FF7E71F1D72,?,?,?,00007FF7E71F1DAF,?,?,00000000,00007FF7E71F2275,?,?,?,00007FF7E71F21A7), ref: 00007FF7E71E9D68
                                                                                                                                                                                                                                • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7E71F525C), ref: 00007FF7E71F5043
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                • API String ID: 3458911817-239921721
                                                                                                                                                                                                                                • Opcode ID: 6f592b97884ad86c6c5862fa308072426eccbbb8b3cbff7b01d41fc1ca71d458
                                                                                                                                                                                                                                • Instruction ID: 8f04323fa3229e03df4e870a358000656c322c9fe85baf0497456a4b7b9c0a96
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6f592b97884ad86c6c5862fa308072426eccbbb8b3cbff7b01d41fc1ca71d458
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A5518F32A1875286E724FF21E8803A9A764FF88784FC44137EB6D47696DF3CE4128761

                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _fread_nolock$Message_invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                                                                                                • API String ID: 2153230061-4158440160
                                                                                                                                                                                                                                • Opcode ID: 2efe959c749f8f76afec8a79fa2cafb61957af1c93f5bf12395ebeb40fb25534
                                                                                                                                                                                                                                • Instruction ID: 3804ac050ed35f54fc5191fd7c15555d91f40baff757bbb0da3ad7d18b535726
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2efe959c749f8f76afec8a79fa2cafb61957af1c93f5bf12395ebeb40fb25534
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C515F71A0970286EB18EF24E491378A3A1FF88B59B954137DB2D83395DF3CE542CB52

                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                                • API String ID: 0-666925554

Control-flow Graph

APIs
Strings
Similarity
• API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
• String ID: D:(A;;FA;;;%s)$S-1-3-4
• API String ID: 4998090-2855260032

Control-flow Graph

APIs
Strings
Similarity
• API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
• String ID: CreateProcessW$Error creating child process!
• API String ID: 2895956056-3524285272

Control-flow Graph

APIs
  • Part of subcall function 00007FF7E71D3B80: GetModuleFileNameW.KERNEL32(?,00007FF7E71D3679), ref: 00007FF7E71D3BB1
• SetDllDirectoryW.KERNEL32 ref: 00007FF7E71D3885
  • Part of subcall function 00007FF7E71D6970: GetEnvironmentVariableW.KERNEL32(00007FF7E71D36C7), ref: 00007FF7E71D69AA
  • Part of subcall function 00007FF7E71D6970: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7E71D69C7
Strings
Similarity
• API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
• String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
• API String ID: 2344891160-3602715111

Control-flow Graph

Strings
Similarity
• API ID: Message
• String ID: 1.2.12$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
• API String ID: 2030045667-1282086711
                                                                                                                                                                                                                                • Opcode ID: 22e1c2c43cf533ad3848f8f618e0f2e8e668a48f2b461afd16613f1cd81aac3a
                                                                                                                                                                                                                                • Instruction ID: 99c2ee190ca1ebcfd6159c8ca57f0d2af22056bc9655f696f0aadcff51b7e92f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 22e1c2c43cf533ad3848f8f618e0f2e8e668a48f2b461afd16613f1cd81aac3a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A851A322A0878285EA20BB11F4803BAA290FBC5795F994137DF6D47785EF3CE546DB12

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                • Opcode ID: 3dbd079f25493cb00c0f377b89eb06eb2a655696f53ab85c59b8783cdb1b2f43
                                                                                                                                                                                                                                • Instruction ID: 7c0fcea998c95bcc6e8c71980a1e775690048219f2d545c4a73dc03c9f4198d2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3dbd079f25493cb00c0f377b89eb06eb2a655696f53ab85c59b8783cdb1b2f43
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 59C1D232A0C78743EA20AB15F4447BDA6A1EFD1BD0F950133EA6D83691CE7CE4478762

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF7E71EC34B), ref: 00007FF7E71EC47C
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF7E71EC34B), ref: 00007FF7E71EC507
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 953036326-0
                                                                                                                                                                                                                                • Opcode ID: d1123a7759acd2de89f70fbc91131bac1b02d2ce66ed859b546e10adeb5b6b1d
                                                                                                                                                                                                                                • Instruction ID: 68c114b65b4ee6bc7ccd891c4980870f6b2a71a687c7335b76591960bca0899a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d1123a7759acd2de89f70fbc91131bac1b02d2ce66ed859b546e10adeb5b6b1d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2091B672B1875146F750AF25E84037DABA0FF84B88F945137DE2E92784DE38E4438722

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4170891091-0
                                                                                                                                                                                                                                • Opcode ID: 1dd24f7105ff8e7d48a2fb442a16f04649d1343116b9e24a6dd38911d1b00d9f
                                                                                                                                                                                                                                • Instruction ID: 5fc05e566292fec6398c92f45ac60231415cde74061cfcb4584ba4808c90fa42
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1dd24f7105ff8e7d48a2fb442a16f04649d1343116b9e24a6dd38911d1b00d9f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6451C872F083124BFB24EB64E94577CA6A5FB84368F900236DE2D926E5DB38A447C711

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2780335769-0

                                                                                                                                                                                                                                APIs
Memory Dump Source
• Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
• Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1452418845-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1279662727-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetFilePointerEx.KERNELBASE(?,?,?,?,00000000,00007FF7E71EB6CD), ref: 00007FF7E71EB580
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,00000000,00007FF7E71EB6CD), ref: 00007FF7E71EB58A
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2976181284-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E71E47C1), ref: 00007FF7E71E48DF
                                                                                                                                                                                                                                • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E71E47C1), ref: 00007FF7E71E48F5
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1707611234-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(?,?,?,00007FF7E71F1D72,?,?,?,00007FF7E71F1DAF,?,?,00000000,00007FF7E71F2275,?,?,?,00007FF7E71F21A7), ref: 00007FF7E71E9D5E
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF7E71F1D72,?,?,?,00007FF7E71F1DAF,?,?,00000000,00007FF7E71F2275,?,?,?,00007FF7E71F21A7), ref: 00007FF7E71E9D68
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 485612231-0
                                                                                                                                                                                                                                • Opcode ID: 09d488bb06d55175f79f30023c2eae0eb1538c267421da5f785fc5d583374eac
                                                                                                                                                                                                                                • Instruction ID: 56119317a455c2fe1c1e022f8dcf8951f691162e55a215541eb9e279d3ef3799
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 09d488bb06d55175f79f30023c2eae0eb1538c267421da5f785fc5d583374eac
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 33E04F10E0874243FA18BBF2F8482399160AFC5740B840032DD2D86252DE3CB8574372
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CloseHandle.KERNELBASE(?,?,?,00007FF7E71E9DD5,?,?,00000000,00007FF7E71E9E8A), ref: 00007FF7E71E9FC6
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF7E71E9DD5,?,?,00000000,00007FF7E71E9E8A), ref: 00007FF7E71E9FD0
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 918212764-0
                                                                                                                                                                                                                                • Opcode ID: ac9e98b412a5961d7460aa12ad0ec3afb474dab09b1a01e5b31658786db65771
                                                                                                                                                                                                                                • Instruction ID: bec4cec3538b53e1461a5cddee4749516f011bb1ba5ac6c23ad791d10f884809
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ac9e98b412a5961d7460aa12ad0ec3afb474dab09b1a01e5b31658786db65771
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F6215021B1874242EA54A765F4503BDAA92DFC5BA0FD84237EA3E872D5CE7CA4464323
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                • Opcode ID: 59b3af13fe784cb7670022fdd077a90ad3e77dba11ba07e1d20d2cc9a011fd15
                                                                                                                                                                                                                                • Instruction ID: fa9a120880d1a5fade98091988aeb2a786dedd8acb76e18fa97861124e2816c5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 59b3af13fe784cb7670022fdd077a90ad3e77dba11ba07e1d20d2cc9a011fd15
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D3418F3290834687EA34AA19F54177DB3A4EB95B50F941133DAAAC3A91CB3CE543C762
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _fread_nolock
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 840049012-0
                                                                                                                                                                                                                                • Opcode ID: 7dd6549e8be6f0a463f4e0f196cf2dfdddde6daaea8a0a7483063f7990cb7187
                                                                                                                                                                                                                                • Instruction ID: aa372ba579bfbf195e0dad4dc972a9685b8e909c75db49dc4680288dba8941c9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7dd6549e8be6f0a463f4e0f196cf2dfdddde6daaea8a0a7483063f7990cb7187
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E9218121B0839245EE10AA12B5447BAE651FF85BD5FC84432EE2D07786DF3CE142CA12
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                • Opcode ID: 7d59e4c40900bb32387b6d96138c4a28a58e0b2ab210e317c35ca26ebe7fd99a
                                                                                                                                                                                                                                • Instruction ID: 8ca389d3df96210f2daf9b2d89078c39742ad84ccb91c932e7b90b08df09c8a4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7d59e4c40900bb32387b6d96138c4a28a58e0b2ab210e317c35ca26ebe7fd99a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F6315D31A1875286E755BB15E841379AA50EBD4B91F850237EA79833D2CF7CE8438722
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                • Opcode ID: be1079961907d1906d587a3e65c1e024338dd0a3e917ec7f85ba85c18500dcb2
                                                                                                                                                                                                                                • Instruction ID: 7614eb8eef91d19fff95c87f540fdc87e2564c46a683ab03cb68c3d88fb09363
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: be1079961907d1906d587a3e65c1e024338dd0a3e917ec7f85ba85c18500dcb2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F1112131A1874182EA60FF51F80037DE2A0FBC5B84F884436FA9D97695CFBDD5429762
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
• HeapAlloc.KERNEL32(?,?,00000000,00007FF7E71EA7E6,?,?,?,00007FF7E71E99A3,?,?,00000000,00007FF7E71E9C3E), ref: 00007FF7E71EDCC5
Similarity
• API ID: AllocHeap
• String ID:
• API String ID: 4292702814-0
APIs
• HeapAlloc.KERNEL32(?,?,?,00007FF7E71DFD74,?,?,?,00007FF7E71E1286,?,?,?,?,?,00007FF7E71E2879), ref: 00007FF7E71ECA3A
Similarity
• API ID: AllocHeap
• String ID:
• API String ID: 4292702814-0
APIs
Strings
Similarity
• API ID: AddressProc
• String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
• API String ID: 190572456-3109299426
APIs
Strings
Similarity
• API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
• String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
• API String ID: 2446303242-1601438679
                                                                                                                                                                                                                                • Opcode ID: 051afb74dd6d8b2a6ec501d8fa5556287ab5d0c90ea366ccf65a0a970d90b360
                                                                                                                                                                                                                                • Instruction ID: 1d1a0cb43f91ef0e24f396f09ca13e3c6bed1fb45583a57d15057b8df10c25bc
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 051afb74dd6d8b2a6ec501d8fa5556287ab5d0c90ea366ccf65a0a970d90b360
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8CA15A36218B8187E718DF21F59479AB360FB89B84F944126DB9D03B24CF7DE166CB50
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
• Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
Similarity
• API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
• API String ID: 808467561-2761157908
• Opcode ID: 3af33b1c53459be822e3926673cf8556ce12eec6cba7b9f0bf56be9fb2bd3e29
• Instruction ID: c3d2184ca58f3a9d1b273af9af287d3012baf7a66f7dad7f2289f9adecc984e0
• Opcode Fuzzy Hash: 3af33b1c53459be822e3926673cf8556ce12eec6cba7b9f0bf56be9fb2bd3e29
• Instruction Fuzzy Hash: 06B2F672A183928BE739DF64E4407FDB7A1FF94384F801136DB2957A84DB38A912CB51
APIs
• GetLastError.KERNEL32(00000000,00007FF7E71D26A0), ref: 00007FF7E71D7447
• FormatMessageW.KERNEL32(00000000,00007FF7E71D26A0), ref: 00007FF7E71D7476
• WideCharToMultiByte.KERNEL32 ref: 00007FF7E71D74CC
  • Part of subcall function 00007FF7E71D2620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7E71D76B4,?,?,?,?,?,?,?,?,?,?,?,00007FF7E71D101D), ref: 00007FF7E71D2654
  • Part of subcall function 00007FF7E71D2620: MessageBoxW.USER32 ref: 00007FF7E71D272C
Strings
Memory Dump Source
• Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
• Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
Similarity
• API ID: ErrorLastMessage$ByteCharFormatMultiWide
• String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
• API String ID: 2920928814-2573406579
• Opcode ID: 1ca30c699dbe1e4654e7c4d5696967e2b1b1a4f4c1085b5d0a2cfb7980eebcbf
• Instruction ID: 50e6ff9aacf314b3e3bb16fee1a54029d1b3e6f875f7840070163eba1aeb2ac1
• Opcode Fuzzy Hash: 1ca30c699dbe1e4654e7c4d5696967e2b1b1a4f4c1085b5d0a2cfb7980eebcbf
• Instruction Fuzzy Hash: 3F21623160CB4281E664EF14F89436AE665BFC8345FC40037D76D826A5EF3CD1168B22
APIs
Memory Dump Source
• Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
• Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
• String ID:
• API String ID: 3140674995-0
• Opcode ID: fbdfe3cbec041ac85cd1f64ea4b15fcfe09a87be1aa09ac25d8a719fe1a921a3
• Instruction ID: 6a170e19de84a04a5a7dd6c2fe6ecb5076a1c8cadb1c545ce46a6b5e4f70cd84
• Opcode Fuzzy Hash: fbdfe3cbec041ac85cd1f64ea4b15fcfe09a87be1aa09ac25d8a719fe1a921a3
• Instruction Fuzzy Hash: AF314D72608B8186EB64AF60F8803EDA364FB84744F84403ADB5E47A98DF3CD549CB21
APIs
Memory Dump Source
• Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
• Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
• String ID:
• API String ID: 1239891234-0
• Opcode ID: e7141d2691e6fffc336151182819a094942dc067ac16da689744b042d81b35af
• Instruction ID: 689917fe3688b6449a1ec3cd6be401314186454e50c72f5225b140fe20e322a4
• Opcode Fuzzy Hash: e7141d2691e6fffc336151182819a094942dc067ac16da689744b042d81b35af
• Instruction Fuzzy Hash: EF316D32618F8186DB20DB25E8803AAB3A4FBC9754F940136EBAD43B54DF3CD5568B11
APIs
Memory Dump Source
• Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
• Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
Similarity
• API ID: FileFindFirst_invalid_parameter_noinfo
• String ID:
• API String ID: 2227656907-0
• Opcode ID: f73aa23eabfd20fda03901ff7faf855d9e478a94a0c2f1e1aa16d97b926a899c
• Instruction ID: bda1bf0fb724d825237d6aa0043c1f567a7420a176fceb148ac7a232d2f75ef6
• Opcode Fuzzy Hash: f73aa23eabfd20fda03901ff7faf855d9e478a94a0c2f1e1aa16d97b926a899c
• Instruction Fuzzy Hash: 4AB1B226B1979241EA65AB21F4103B9E250FF84BD4F844137EF6E47A85DE3CE552C322
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy_s
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1502251526-0
                                                                                                                                                                                                                                • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                                                • Instruction ID: 7ce8bdae114a4d1dcec361bfadaa5a88f902727c3215c81cfc9477547331ade6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0AC1D172B1878687E728DF19F04476EB791FB88B84F848136DB6A43744DA3DE852CB41
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 15204871-0
                                                                                                                                                                                                                                • Opcode ID: 90f8d2508151a2821edd8705c6830792bf37d4c2f418efb34635905aa3d93be8
                                                                                                                                                                                                                                • Instruction ID: 74f0de4de8902b857353b526d41009256d2970d83e420d61a8f37399e755b1d6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 90f8d2508151a2821edd8705c6830792bf37d4c2f418efb34635905aa3d93be8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DCB18073610B898BEB19DF29D44636C7BE0FB84B48F548922DB6D837A4CB39D462C711
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2295610775-0
                                                                                                                                                                                                                                • Opcode ID: d7ae6b57d221e0bba94e95162e8d18faf84dbf886ae199d20af9c81c2035df64
                                                                                                                                                                                                                                • Instruction ID: 3749f8084d51fd6d4e8adffe9ace1e571f3e85891ec870a9c851b9cff4b800e1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d7ae6b57d221e0bba94e95162e8d18faf84dbf886ae199d20af9c81c2035df64
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E3F03122A1978286E7A0DF64F489766B360FB84729F844636D67D026D4DF3CD01A8A11
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: $
                                                                                                                                                                                                                                • API String ID: 0-227171996
                                                                                                                                                                                                                                • Opcode ID: a020c1348df748786c6fc3e6f0d32bf571f59c10c0dece7ade91a17eca74ce91
                                                                                                                                                                                                                                • Instruction ID: f78f865893c8ffc303c518ebaa73b496bc56f9af8bcfcdfbbb533d65d4fbdac4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a020c1348df748786c6fc3e6f0d32bf571f59c10c0dece7ade91a17eca74ce91
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CBE1B932918B4683D768AE25E060239B3A0FF85B54F944137DA6E87794DF39E883C753
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: e+000$gfff
                                                                                                                                                                                                                                • API String ID: 0-3030954782
                                                                                                                                                                                                                                • Opcode ID: 5a7a9f69d7c0008c7cda2ee947bdc0d9f87d51e3163b40c536a3f3ccbb6c484c
                                                                                                                                                                                                                                • Instruction ID: 0eaa55d35fe7a3651bf4267bfc91101c54089567d17b8c7cd93fea2d723c7445
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5a7a9f69d7c0008c7cda2ee947bdc0d9f87d51e3163b40c536a3f3ccbb6c484c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DA515872B183D547E7249B35E80176DE791E784B94F88A232CBB887AC5CF3DD4468712
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1010374628-0
                                                                                                                                                                                                                                • Opcode ID: d9c3fe3541d8cc50b57763fefdf599488ea3422849496e59e15aa9730f7a25ee
                                                                                                                                                                                                                                • Instruction ID: f2dd454f22d60c91614cf617baa1652c2cc57777ca81b4a4f08a86c72124bba9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d9c3fe3541d8cc50b57763fefdf599488ea3422849496e59e15aa9730f7a25ee
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1F029121A2979242EA95BB11F4043B9A698EF81B90FC44537ED7D8A3D1DF3CE4438323
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: gfffffff
                                                                                                                                                                                                                                • API String ID: 0-1523873471
Strings
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: TMP
• API String ID: 3215553584-3125297090
APIs
Similarity
• API ID: HeapProcess
• String ID:
• API String ID: 54951025-0
                                                                                                                                                                                                                                • Opcode ID: 9f41e9cda47aae22f82be4ce0ab7cd412b3cc0fc70eb2a248d538cdb5c6fb34a
                                                                                                                                                                                                                                • Instruction ID: 6051da9bd5aff26dd01eb5fe72ff95593d28e7e44648a523080dc9236910a2de
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9f41e9cda47aae22f82be4ce0ab7cd412b3cc0fc70eb2a248d538cdb5c6fb34a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B3B09224E0BB06C3EA08BB11AC8231463B87F88700FD9007AC56C41320DF3C24B6A722
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 45d7714d5ca7358c377d8bb445432fedb4a83b36a583ecf09d0c06c9540aab40
                                                                                                                                                                                                                                • Instruction ID: 3a0e4c99368c7df7aaf101cbe954a5be1a8084c4b5abdbee5dd5322b2ceff50b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 45d7714d5ca7358c377d8bb445432fedb4a83b36a583ecf09d0c06c9540aab40
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FCD1C722E08B4247E768AA25E46073DA3A0FB85B58F945136CE2DC7694DF3DD843C363
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 0b086e8f388e79d9875e8562cc3e7603ffd3c462abec3081be3315d6d619fb4b
                                                                                                                                                                                                                                • Instruction ID: aa009d1ce4446c02a4bf2ba0dd280aa719fed0491c721f7ae60666d873bc17f5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b086e8f388e79d9875e8562cc3e7603ffd3c462abec3081be3315d6d619fb4b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 46C119721181E04BD289EB29E45A97A73D0F7C830AFD4442BEB9B67B85C63CE514DB21
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 77a137f81fa1c86087b3fd9088994328934f22d67f6cc1e45e2630c66c22d56c
                                                                                                                                                                                                                                • Instruction ID: a58782060e5c35575d8f31dd95fcefa2223ffec8bd895100a1d6a3291f323272
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 77a137f81fa1c86087b3fd9088994328934f22d67f6cc1e45e2630c66c22d56c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 72B16E72A08B8586E765AF39E05023CBBA0F785B48FA40136DB5D87395CF39D442D763
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
Memory Dump Source
• Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
• Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 485612231-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk 
libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                • API String ID: 2238633743-1453502826
                                                                                                                                                                                                                                • Opcode ID: a7ac00ce1a7fdfc215a9c78db55a5cef2ac37261bb2bde1204b0c918028e9db3
                                                                                                                                                                                                                                • Instruction ID: a6a6f7c2f1052388bc12e8ac0ec233fdad21ad056fb5a60da5f625dbbcc32115
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a7ac00ce1a7fdfc215a9c78db55a5cef2ac37261bb2bde1204b0c918028e9db3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 16E1BB64A09B0390EA19FF14F890374E3B5BF85781BD85037D62D06258EF7CA566E732
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                • String ID: P%
                                                                                                                                                                                                                                • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                • Opcode ID: f5a3bd79b12c7c571d23b6b5ebdfb181c7e65479c9c05912b09222cce72f5b00
                                                                                                                                                                                                                                • Instruction ID: 6d9390407a4113db7ae316737b7813eef607f3b35c3ebf1f5d29cdc32ef4c1df
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f5a3bd79b12c7c571d23b6b5ebdfb181c7e65479c9c05912b09222cce72f5b00
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7D5108266047A186D628AF26F4582BAF7A1FB98B61F044122EBDF43684DF3CD046DB10
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: f$f$p$p$f
                                                                                                                                                                                                                                • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                                • Opcode ID: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
                                                                                                                                                                                                                                • Instruction ID: 96c756b5a3e0b0bef854b95385ee20e4488c726cb2be084469cde4e9576dd0bf
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53126571E0C24387FB24BA14F1547B9E6A1EBC0754FE4403BD6E9866C4DB7CE5828B62
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Message
                                                                                                                                                                                                                                • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                                • Opcode ID: a4535b3149898708a8536aacd51805d4cd497b3deda664be73552712e11ba28b
                                                                                                                                                                                                                                • Instruction ID: eca12d9aa26068d544d76436a529178d321094646e9c759a61895fbc2ec8e82a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a4535b3149898708a8536aacd51805d4cd497b3deda664be73552712e11ba28b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0E418C22A0874281EA14FB16F4803AAE3A0EF84795F854433DF6D03A45EF7CE5439B22
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                • String ID: csm$csm$csm
                                                                                                                                                                                                                                • API String ID: 849930591-393685449
                                                                                                                                                                                                                                • Opcode ID: 905927d9e3da027d40e91907a7f1dd58b6d09944997845db9437df3d999e9f33
                                                                                                                                                                                                                                • Instruction ID: 713e6248c0ecfd966b2f92868e7acb6914b167638dd30f27ebe2a9a3f232615d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 905927d9e3da027d40e91907a7f1dd58b6d09944997845db9437df3d999e9f33
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 51E18572A087428AEB20AF65E4803ADB7A0FB85799F400537DF9D57B55CF38E442CB52
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,00000000,?,00007FF7E71EE082,?,?,000001AA02346A18,00007FF7E71EA153,?,?,?,00007FF7E71EA04A,?,?,?,00007FF7E71E53A2), ref: 00007FF7E71EDE64
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00000000,?,00007FF7E71EE082,?,?,000001AA02346A18,00007FF7E71EA153,?,?,?,00007FF7E71EA04A,?,?,?,00007FF7E71E53A2), ref: 00007FF7E71EDE70
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                • Opcode ID: 3f9ea5ddd66982662272f3b60427da02763780b89cc10366f1f57cf1354b879c
                                                                                                                                                                                                                                • Instruction ID: 100252fd72319c2d09cb58a25e04e957f7e378fbed65c7fdda360ac2aefbe4c2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3f9ea5ddd66982662272f3b60427da02763780b89cc10366f1f57cf1354b879c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 66411561B19B0242FA19EB16F804775A395FF85B90F886136DD6D97784DE3CE4078322
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7E71D101D), ref: 00007FF7E71D760F
                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7E71D101D), ref: 00007FF7E71D765F
Memory Dump Source
• Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
• Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ByteCharMultiWide
                                                                                                                                                                                                                                • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                                • API String ID: 626452242-27947307
                                                                                                                                                                                                                                • Opcode ID: 4c75aad5540be6d6cf442b20722a3a637b86b79be2c0eb90bd337d9e394b857c
                                                                                                                                                                                                                                • Instruction ID: 4aab514cde0e967852d60a72bdd8a14dc72df504e4199cf27e6a52de262b073a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4c75aad5540be6d6cf442b20722a3a637b86b79be2c0eb90bd337d9e394b857c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5641A232A08B8282E624EF55F48026AE764FBC4790F984136DBAD47B94EF3CD063D711
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00007FF7E71D3679), ref: 00007FF7E71D7AF1
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D2620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7E71D76B4,?,?,?,?,?,?,?,?,?,?,?,00007FF7E71D101D), ref: 00007FF7E71D2654
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D2620: MessageBoxW.USER32 ref: 00007FF7E71D272C
                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00007FF7E71D3679), ref: 00007FF7E71D7B65
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                                • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                                • API String ID: 3723044601-27947307
                                                                                                                                                                                                                                • Opcode ID: 92b52a23bf177b804bd471eb00781d9ecb554dad94de0916a037b448ee798d7d
                                                                                                                                                                                                                                • Instruction ID: d81bcbf32050d9b801744e2b7cb9527cadd10143e343d2308dea5af5a4d8786a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 92b52a23bf177b804bd471eb00781d9ecb554dad94de0916a037b448ee798d7d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 43219C21A08B4285EA14EF22F880279FB61AFD4B90B884136CB2D43795EF7CE5169712
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: f$p$p
                                                                                                                                                                                                                                • API String ID: 3215553584-1995029353
                                                                                                                                                                                                                                • Opcode ID: 8b43f30c9b627f105c9440690760d813b6cbc2015482011a3dd154e3df4de9b0
                                                                                                                                                                                                                                • Instruction ID: d667d1d2ee45fe2bab7a4adfb1054cdcdffa8b75a8591027b87a6e9f1006e6e3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8b43f30c9b627f105c9440690760d813b6cbc2015482011a3dd154e3df4de9b0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7B127161E0C34347FB24BA15F0547B9B6A2EBC0754FD44137E6AA866C4DB3CE5868B23
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ByteCharMultiWide
                                                                                                                                                                                                                                • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                                • API String ID: 626452242-876015163
                                                                                                                                                                                                                                • Opcode ID: 0d5216bbebe1e4d5e4fda212484cc9b67e4195dbf35dd583a6e8b35915cdcea1
                                                                                                                                                                                                                                • Instruction ID: a326c3631a424c61c4f2bb30ed4db7270bdb43f4ad8eda935f0b7159c388c215
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0d5216bbebe1e4d5e4fda212484cc9b67e4195dbf35dd583a6e8b35915cdcea1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD419132A18B4386EA24EF15F480369A6A5FB84790F940136DF6D47B94DF3CD053DB11
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF7E71DD0DA,?,?,?,00007FF7E71DCDCC,?,?,00000001,00007FF7E71DC9E9), ref: 00007FF7E71DCEAD
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF7E71DD0DA,?,?,?,00007FF7E71DCDCC,?,?,00000001,00007FF7E71DC9E9), ref: 00007FF7E71DCEBB
                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF7E71DD0DA,?,?,?,00007FF7E71DCDCC,?,?,00000001,00007FF7E71DC9E9), ref: 00007FF7E71DCEE5
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF7E71DD0DA,?,?,?,00007FF7E71DCDCC,?,?,00000001,00007FF7E71DC9E9), ref: 00007FF7E71DCF2B
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF7E71DD0DA,?,?,?,00007FF7E71DCDCC,?,?,00000001,00007FF7E71DC9E9), ref: 00007FF7E71DCF37
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                • String ID: api-ms-
                                                                                                                                                                                                                                • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                • Opcode ID: 5875a968ec1c8163f4728790c5c34772c02e6e55674a02490018482c9d800bcd
                                                                                                                                                                                                                                • Instruction ID: 7122505794d3db4ce6846e81bd5e274dafe3da37f6e8322764a8bacdae13f511
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5875a968ec1c8163f4728790c5c34772c02e6e55674a02490018482c9d800bcd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E531C721A1A74295EE15EF02F8507B5A294BF89BA1F994936DF3D46340DF3CE0428B21
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D79A0: MultiByteToWideChar.KERNEL32 ref: 00007FF7E71D79DA
                                                                                                                                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF7E71D67AF,?,00000000,?,TokenIntegrityLevel), ref: 00007FF7E71D64BF
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D2770: MessageBoxW.USER32 ref: 00007FF7E71D2841
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF7E71D64D3
                                                                                                                                                                                                                                • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF7E71D651A
                                                                                                                                                                                                                                • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF7E71D6496
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                                                                • API String ID: 1662231829-3498232454
                                                                                                                                                                                                                                • Opcode ID: b60e1185c9f9ee707b49e7ed4e3a4a995e0c101ca8882adb9a2ed2a45595f786
                                                                                                                                                                                                                                • Instruction ID: 471986698c023c7814121b0a59bd2f0f3d2c1a25d4ca826ee8db91370bf53ed6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b60e1185c9f9ee707b49e7ed4e3a4a995e0c101ca8882adb9a2ed2a45595f786
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EF316611B1874241FA24F725F9953BAD251AFD87C1FC44433DB6E4279AEE3CE5068B22
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32 ref: 00007FF7E71D79DA
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D2620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7E71D76B4,?,?,?,?,?,?,?,?,?,?,?,00007FF7E71D101D), ref: 00007FF7E71D2654
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D2620: MessageBoxW.USER32 ref: 00007FF7E71D272C
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32 ref: 00007FF7E71D7A60
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                                • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                                • API String ID: 3723044601-876015163
                                                                                                                                                                                                                                • Opcode ID: ee2ee3c888b621b3c3f4dc33b354bcabab4fe5f972038a38ac2187e11a85846b
                                                                                                                                                                                                                                • Instruction ID: 6fc51b0188ca401f5155f5789f42d0d9afe3a7026cf13a31c9b9a137a37c7bf3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ee2ee3c888b621b3c3f4dc33b354bcabab4fe5f972038a38ac2187e11a85846b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CD219322B08B4241EB14EB19F440265E761EFC57C4F984132DB6C93BA9EE3CD5529B11
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF7E71F2363,?,?,?,00007FF7E71ECABC,?,?,00000000,00007FF7E71E398F,?,?,?,00007FF7E71E9243), ref: 00007FF7E71EA55F
                                                                                                                                                                                                                                • FlsGetValue.KERNEL32(?,?,?,00007FF7E71F2363,?,?,?,00007FF7E71ECABC,?,?,00000000,00007FF7E71E398F,?,?,?,00007FF7E71E9243), ref: 00007FF7E71EA574
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E71F2363,?,?,?,00007FF7E71ECABC,?,?,00000000,00007FF7E71E398F,?,?,?,00007FF7E71E9243), ref: 00007FF7E71EA595
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E71F2363,?,?,?,00007FF7E71ECABC,?,?,00000000,00007FF7E71E398F,?,?,?,00007FF7E71E9243), ref: 00007FF7E71EA5C2
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E71F2363,?,?,?,00007FF7E71ECABC,?,?,00000000,00007FF7E71E398F,?,?,?,00007FF7E71E9243), ref: 00007FF7E71EA5D3
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E71F2363,?,?,?,00007FF7E71ECABC,?,?,00000000,00007FF7E71E398F,?,?,?,00007FF7E71E9243), ref: 00007FF7E71EA5E4
                                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,?,00007FF7E71F2363,?,?,?,00007FF7E71ECABC,?,?,00000000,00007FF7E71E398F,?,?,?,00007FF7E71E9243), ref: 00007FF7E71EA5FF
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Value$ErrorLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2506987500-0
                                                                                                                                                                                                                                • Opcode ID: 408c089a3b640914283472138efc63105aff7241411df2dd409cda215309df11
                                                                                                                                                                                                                                • Instruction ID: 2cdc1f76e22c140503dc4f6202bb88e74fb60d1487d4eb87ba5a3e31dbe94fe6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 408c089a3b640914283472138efc63105aff7241411df2dd409cda215309df11
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FF215E20B0D34283FA58B321F645379E2669FC47B4F940636D93E866C6DE3CE4478223
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                • String ID: CONOUT$
                                                                                                                                                                                                                                • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                • Opcode ID: 5d0318ae55f50b6dcee6d616b573d53fae0e0d17b0b79c1b3a6779b9b80778ff
                                                                                                                                                                                                                                • Instruction ID: 455925103bbc5498292e1f086ab2c81de9bc46348fe3237b168950e5ef8dba74
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d0318ae55f50b6dcee6d616b573d53fae0e0d17b0b79c1b3a6779b9b80778ff
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD11D021B18B4186E750AB02F854329F2A4FFC9FE4F840236EA2D83794DF3CD8168761
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF7E71E437D,?,?,?,?,00007FF7E71EDCD7,?,?,00000000,00007FF7E71EA7E6,?,?,?), ref: 00007FF7E71EA6D7
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E71E437D,?,?,?,?,00007FF7E71EDCD7,?,?,00000000,00007FF7E71EA7E6,?,?,?), ref: 00007FF7E71EA70D
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E71E437D,?,?,?,?,00007FF7E71EDCD7,?,?,00000000,00007FF7E71EA7E6,?,?,?), ref: 00007FF7E71EA73A
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E71E437D,?,?,?,?,00007FF7E71EDCD7,?,?,00000000,00007FF7E71EA7E6,?,?,?), ref: 00007FF7E71EA74B
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E71E437D,?,?,?,?,00007FF7E71EDCD7,?,?,00000000,00007FF7E71EA7E6,?,?,?), ref: 00007FF7E71EA75C
                                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,?,00007FF7E71E437D,?,?,?,?,00007FF7E71EDCD7,?,?,00000000,00007FF7E71EA7E6,?,?,?), ref: 00007FF7E71EA777
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Value$ErrorLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2506987500-0
                                                                                                                                                                                                                                • Opcode ID: b9ed1a4e590336ba34b9cc0adcda05e316cd19dcf21a64e85ad9e9ab5a233fdb
                                                                                                                                                                                                                                • Instruction ID: 573673b260cbd9232b9956ed372057351566bb338d231c068c2d9f32bc78cba5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b9ed1a4e590336ba34b9cc0adcda05e316cd19dcf21a64e85ad9e9ab5a233fdb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5F113824E0D34243FA58F331E645279E2A69FC47B0F840236E93E866D6DE3DA4478222
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record__std_exception_copy
                                                                                                                                                                                                                                • String ID: csm$csm
                                                                                                                                                                                                                                • API String ID: 851805269-3733052814
                                                                                                                                                                                                                                • Opcode ID: 9800ab22ff9ec3031df11c68b1b6988b1d6dca39287b35c2ac61cac3dceebb2d
                                                                                                                                                                                                                                • Instruction ID: f9d572aae82b4524633bbc8b1dc4c96f076c1c135c5ddcd665fdf515b58185dd
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9800ab22ff9ec3031df11c68b1b6988b1d6dca39287b35c2ac61cac3dceebb2d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1B61B33290C74286EB24AF25E484368B7A0EB94B96F844133DBAD47795DF3CE456CF12
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                                • String ID: csm$f
                                                                                                                                                                                                                                • API String ID: 2395640692-629598281
                                                                                                                                                                                                                                • Opcode ID: 2ca7bf8577ec542d0e69192cc971812b89960c92109ccbd26765ab8ebdf2d4b6
                                                                                                                                                                                                                                • Instruction ID: 8ab03f1e5c5987b3be264e862fcf2da6be140608e34c9f9cc8f31f93b4334bd9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2ca7bf8577ec542d0e69192cc971812b89960c92109ccbd26765ab8ebdf2d4b6
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2E51DA31A097018EEB18EF15F480B29B756FB80789F908536DB6E47744EF38E842CB15
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                                • String ID: Unhandled exception in script
                                                                                                                                                                                                                                • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                                • Opcode ID: 1c75f085d0d1285afa7d256397b39d5154ba0e32df1410c11512219579e8eefc
                                                                                                                                                                                                                                • Instruction ID: cb5b9fe37d844b8ddb4b340d25d16d1e1dec8a841a9e313814fce1d7be4a8038
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1c75f085d0d1285afa7d256397b39d5154ba0e32df1410c11512219579e8eefc
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 29314032609B8289EB24EF61F8552E9B360FF89784F840136EA5E4BB55DF3CD146C712
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7E71D76B4,?,?,?,?,?,?,?,?,?,?,?,00007FF7E71D101D), ref: 00007FF7E71D2654
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D7420: GetLastError.KERNEL32(00000000,00007FF7E71D26A0), ref: 00007FF7E71D7447
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D7420: FormatMessageW.KERNEL32(00000000,00007FF7E71D26A0), ref: 00007FF7E71D7476
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D79A0: MultiByteToWideChar.KERNEL32 ref: 00007FF7E71D79DA
                                                                                                                                                                                                                                • MessageBoxW.USER32 ref: 00007FF7E71D272C
                                                                                                                                                                                                                                • MessageBoxA.USER32 ref: 00007FF7E71D2748
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                                                                                                                                                                                                • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                                • API String ID: 2806210788-2410924014
                                                                                                                                                                                                                                • Opcode ID: 69e3767f8cdd6c35a8cd2c47750a455f0093d4d97caca0efebb433e2d8ab7874
                                                                                                                                                                                                                                • Instruction ID: 8cd49527202bd84aa7e6a306efb4d982036f231539c084f11b1ba1fc7675df7c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 69e3767f8cdd6c35a8cd2c47750a455f0093d4d97caca0efebb433e2d8ab7874
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4B315E72628B8291EA24EB10F4917EAA364FFC4785FC44037EB9D06699DF3CD206CB51
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _set_statfp
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1156100317-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FlsGetValue.KERNEL32(?,?,?,00007FF7E71E99A3,?,?,00000000,00007FF7E71E9C3E,?,?,?,?,?,00007FF7E71E211C), ref: 00007FF7E71EA7AF
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E71E99A3,?,?,00000000,00007FF7E71E9C3E,?,?,?,?,?,00007FF7E71E211C), ref: 00007FF7E71EA7CE
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E71E99A3,?,?,00000000,00007FF7E71E9C3E,?,?,?,?,?,00007FF7E71E211C), ref: 00007FF7E71EA7F6
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E71E99A3,?,?,00000000,00007FF7E71E9C3E,?,?,?,?,?,00007FF7E71E211C), ref: 00007FF7E71EA807
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E71E99A3,?,?,00000000,00007FF7E71E9C3E,?,?,?,?,?,00007FF7E71E211C), ref: 00007FF7E71EA818
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Value
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7E71F2363,?,?,?,00007FF7E71ECABC,?,?,00000000,00007FF7E71E398F), ref: 00007FF7E71EA635
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7E71F2363,?,?,?,00007FF7E71ECABC,?,?,00000000,00007FF7E71E398F), ref: 00007FF7E71EA654
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7E71F2363,?,?,?,00007FF7E71ECABC,?,?,00000000,00007FF7E71E398F), ref: 00007FF7E71EA67C
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7E71F2363,?,?,?,00007FF7E71ECABC,?,?,00000000,00007FF7E71E398F), ref: 00007FF7E71EA68D
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7E71F2363,?,?,?,00007FF7E71ECABC,?,?,00000000,00007FF7E71E398F), ref: 00007FF7E71EA69E
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Value
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                • String ID: MOC$RCC
                                                                                                                                                                                                                                • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
• Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                                • API String ID: 1878133881-2410924014
                                                                                                                                                                                                                                • Opcode ID: 87d498f1f2eba1085113bd965dcd85bf0b0aec07eea02affa6468b175f4c1a2f
                                                                                                                                                                                                                                • Instruction ID: 65cf70271a4ebc3dcbe2358d7cd2b2d53040f320e6b37d7d9817d12062056351
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 87d498f1f2eba1085113bd965dcd85bf0b0aec07eea02affa6468b175f4c1a2f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 62314E72628B8291EA24FB10F4517EAA365FFC4784FC44036EB9D46699DE3CD306CB61
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,00007FF7E71D3679), ref: 00007FF7E71D3BB1
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D2620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7E71D76B4,?,?,?,?,?,?,?,?,?,?,?,00007FF7E71D101D), ref: 00007FF7E71D2654
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D2620: MessageBoxW.USER32 ref: 00007FF7E71D272C
                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
• Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFileLastMessageModuleName
                                                                                                                                                                                                                                • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                                                                • API String ID: 2581892565-1977442011
                                                                                                                                                                                                                                • Opcode ID: ecd9224541c82b8805659ffed1dacaf8541a9c5a4d14f69c88a104199cf53391
                                                                                                                                                                                                                                • Instruction ID: 523180b79b99d85201dc5fe24b8380c5988acbd7e05506e52c36f2574e962741
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ecd9224541c82b8805659ffed1dacaf8541a9c5a4d14f69c88a104199cf53391
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 16018D21B1C74281FA54F714F4863B59355AFD87C5FC41033DA6E86252DE7DE2078B22
                                                                                                                                                                                                                                APIs
Memory Dump Source
• Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
• Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2718003287-0
                                                                                                                                                                                                                                • Opcode ID: 3b6644ee017022d719a3afab9fc978a5fba374dbb9fb0623c46dfb0064678277
                                                                                                                                                                                                                                • Instruction ID: 88e532a4fdf59903b4ca8d8e429bf82b801224b392058e119db59032fe288263
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3b6644ee017022d719a3afab9fc978a5fba374dbb9fb0623c46dfb0064678277
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2CD10632B18B418AE721DF65E4806AC77B1FB84798B844137DE6E97B99DE38E017C311
                                                                                                                                                                                                                                APIs
Memory Dump Source
• Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
• Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1956198572-0
                                                                                                                                                                                                                                • Opcode ID: 162ef6909b0da24e61350fefbcaa0130b5f771c4d53ef42d88aea1c24daf7f6c
                                                                                                                                                                                                                                • Instruction ID: 7ae150d53b8b86cb67fa86c5e81452d3956d568a63a99bc336b13b90577f37e1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 162ef6909b0da24e61350fefbcaa0130b5f771c4d53ef42d88aea1c24daf7f6c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8C110021E1834241F654A759F5843FA9292EFC9BC1FC94032EB6907B8DCE3CD4D75612
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
• Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: ?
                                                                                                                                                                                                                                • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                • Opcode ID: 0b8ca87835c30e7dd9a6d8efabbb9b2e46a436efc16959cb60937fa9fb99071e
                                                                                                                                                                                                                                • Instruction ID: dc742c933d4e5f9f3e476a8444e1fed128d1e19b09272340315672a4defe11e4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b8ca87835c30e7dd9a6d8efabbb9b2e46a436efc16959cb60937fa9fb99071e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD41B312A1878246FB78AB25F401379E6A0EFD07A4F944237EF6C46AD9DE3CD4538711
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E71E7DCE
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71E9D48: RtlFreeHeap.NTDLL(?,?,?,00007FF7E71F1D72,?,?,?,00007FF7E71F1DAF,?,?,00000000,00007FF7E71F2275,?,?,?,00007FF7E71F21A7), ref: 00007FF7E71E9D5E
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71E9D48: GetLastError.KERNEL32(?,?,?,00007FF7E71F1D72,?,?,?,00007FF7E71F1DAF,?,?,00000000,00007FF7E71F2275,?,?,?,00007FF7E71F21A7), ref: 00007FF7E71E9D68
                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7E71DADA5), ref: 00007FF7E71E7DEC
                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
• Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                                • API String ID: 3580290477-2252155340
                                                                                                                                                                                                                                • Opcode ID: 51e6a1df85e6b8727f5a5399446d791ce4e9a1b0ebf56f2411f665e3e6ab5c6a
                                                                                                                                                                                                                                • Instruction ID: fe6651bf93def5140c5bd12bbebf4bdb83f707dac9fad70197528b0497c54f1c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 51e6a1df85e6b8727f5a5399446d791ce4e9a1b0ebf56f2411f665e3e6ab5c6a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 07414136A0871286F715EF25E8402F9B7A4FF84794B944036E96E87745DF3CE4928362
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                • String ID: U
                                                                                                                                                                                                                                • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                • Opcode ID: 25d3c82af5dee18dec41a6839be42a4efbc899a14913ea0c1072e724c64aea02
                                                                                                                                                                                                                                • Instruction ID: 64e6eb64b230df994e44bf9ac783c5bdef570d073f992b6904f266874684ede3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 25d3c82af5dee18dec41a6839be42a4efbc899a14913ea0c1072e724c64aea02
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6D41B432718B4186DB20EF25F8443AAA761FB88794F944032EE5D87798DF3CE442C751
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentDirectory
                                                                                                                                                                                                                                • String ID: :
                                                                                                                                                                                                                                • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                • Opcode ID: 337811278158943dc12376dc7550913df66d0a9835a82896272fb1d86e1f30b6
                                                                                                                                                                                                                                • Instruction ID: 0e7b3ad9aa68a1b4ae70c4cad15029da38746bf6741badb2a76affc70e5b4bf7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 337811278158943dc12376dc7550913df66d0a9835a82896272fb1d86e1f30b6
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 85218472A0874282FB24EB25E44836DA3B1FBC4B44F854036D65D87284DF7CE946C762
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                • String ID: Error detected
                                                                                                                                                                                                                                • API String ID: 1878133881-3513342764
                                                                                                                                                                                                                                • Opcode ID: 06108ee8a0dfea952a12a3b0306062f889501f0bb9d520917d4d6b2389df326d
                                                                                                                                                                                                                                • Instruction ID: 094f0d00a12819bf5f8a6c9c30803a48a007b073309cc76c9c2b49e011c6878f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 06108ee8a0dfea952a12a3b0306062f889501f0bb9d520917d4d6b2389df326d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DA21517262878291EA24E710F4917EAA365FFC4788FC04136EB9D47699DF3CD206CB61
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                • String ID: Fatal error detected
                                                                                                                                                                                                                                • API String ID: 1878133881-4025702859
                                                                                                                                                                                                                                • Opcode ID: d8350b2dd45537fcb102945a95e56e5fec4cbfd54fbf68520de5e8d25681b826
                                                                                                                                                                                                                                • Instruction ID: 468673be7787a2b0a75197d78600a4527fcd4a99ff5bfd34723f3cd4a0fe18c5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d8350b2dd45537fcb102945a95e56e5fec4cbfd54fbf68520de5e8d25681b826
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7421817262878281EA24E710F4917EAA365FFC4788FC04036EB9D47699DF3CD206CB61
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                • String ID: csm
                                                                                                                                                                                                                                • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                • Opcode ID: 858846fea34555fb8d2c4f12b26bdb04a58b0d9f624c4d397e9619eb30fde2ff
                                                                                                                                                                                                                                • Instruction ID: 51e7e37a19076e4a38b42c99c9743db245e0ba8b02f0341c161e5c65c3fa885a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 858846fea34555fb8d2c4f12b26bdb04a58b0d9f624c4d397e9619eb30fde2ff
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6B113A32618B8582EB259F15F4403A9B7A5FB88B95F9C4232EF9C07768DF3CD5568B00
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.4718407837.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718374099.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718463663.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718491963.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.4718597831.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: :
                                                                                                                                                                                                                                • API String ID: 2595371189-336475711
                                                                                                                                                                                                                                • Opcode ID: 4110ab54a1292af6c610fc14bebcfde478b3b42ba13f09fd81a5f0b3dffa68e3
                                                                                                                                                                                                                                • Instruction ID: 407fd904f0be0d672ba40c8579cc8de132fd051b5582f0ab71f645abf26379fc
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4110ab54a1292af6c610fc14bebcfde478b3b42ba13f09fd81a5f0b3dffa68e3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 24015E6191C30387FB20BB60F45137EA3A0EF84744FC40137D66DC2691DE3CE54A8A26

                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                Execution Coverage:1.8%
                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                Signature Coverage:8.2%
                                                                                                                                                                                                                                Total number of Nodes:980
                                                                                                                                                                                                                                Total number of Limit Nodes:64
101152 7ff7e71e4ab7 101152->101156 101171 7ff7e71ee5a4 51 API calls 2 library calls 101152->101171 101154 7ff7e71e4aca 101154->101156 101172 7ff7e71ee5a4 51 API calls 2 library calls 101154->101172 101157 7ff7e71e4b24 21 API calls _fread_nolock 101156->101157 101157->101112 101159 7ff7e71e48d5 FileTimeToSystemTime 101158->101159 101160 7ff7e71e48c8 101158->101160 101161 7ff7e71e48e9 SystemTimeToTzSpecificLocalTime 101159->101161 101162 7ff7e71e48d0 101159->101162 101160->101159 101160->101162 101161->101162 101163 7ff7e71dacd0 _wfindfirst32i64 8 API calls 101162->101163 101164 7ff7e71e47c1 101163->101164 101164->101136 101165->101127 101166->101141 101167->101141 101168->101141 101169->101150 101170->101152 101171->101154 101172->101156 101173->100604 101176 7ff7e71e532c 101175->101176 101177 7ff7e71e5352 101176->101177 101179 7ff7e71e5385 101176->101179 101206 7ff7e71e4374 11 API calls _get_daylight 101177->101206 101181 7ff7e71e538b 101179->101181 101182 7ff7e71e5398 101179->101182 101180 7ff7e71e5357 101207 7ff7e71e9ce0 37 API calls _invalid_parameter_noinfo 101180->101207 101208 7ff7e71e4374 11 API calls _get_daylight 101181->101208 101194 7ff7e71ea028 101182->101194 101187 7ff7e71e53ac 101209 7ff7e71e4374 11 API calls _get_daylight 101187->101209 101188 7ff7e71e53b9 101201 7ff7e71ef3cc 101188->101201 101191 7ff7e71e53cc 101210 7ff7e71e4228 LeaveCriticalSection 101191->101210 101193 7ff7e71d3ce9 101193->100615 101211 7ff7e71ef6b8 EnterCriticalSection 101194->101211 101196 7ff7e71ea03f 101197 7ff7e71ea09c 19 API calls 101196->101197 101198 7ff7e71ea04a 101197->101198 101199 7ff7e71ef718 _isindst LeaveCriticalSection 101198->101199 101200 7ff7e71e53a2 101199->101200 101200->101187 101200->101188 101212 7ff7e71ef0c8 101201->101212 101204 7ff7e71ef426 101204->101191 101206->101180 101208->101193 101209->101193 101213 7ff7e71ef103 __vcrt_FlsAlloc 101212->101213 101222 7ff7e71ef2ca 101213->101222 101227 7ff7e71f53a4 51 API calls 3 library calls 101213->101227 101215 
7ff7e71ef3a1 101231 7ff7e71e9ce0 37 API calls _invalid_parameter_noinfo 101215->101231 101217 7ff7e71ef2d3 101217->101204 101224 7ff7e71f608c 101217->101224 101219 7ff7e71ef335 101219->101222 101228 7ff7e71f53a4 51 API calls 3 library calls 101219->101228 101221 7ff7e71ef354 101221->101222 101229 7ff7e71f53a4 51 API calls 3 library calls 101221->101229 101222->101217 101230 7ff7e71e4374 11 API calls _get_daylight 101222->101230 101232 7ff7e71f568c 101224->101232 101227->101219 101228->101221 101229->101222 101230->101215 101233 7ff7e71f56a3 101232->101233 101234 7ff7e71f56c1 101232->101234 101286 7ff7e71e4374 11 API calls _get_daylight 101233->101286 101234->101233 101236 7ff7e71f56dd 101234->101236 101243 7ff7e71f5c9c 101236->101243 101237 7ff7e71f56a8 101287 7ff7e71e9ce0 37 API calls _invalid_parameter_noinfo 101237->101287 101241 7ff7e71f56b4 101241->101204 101289 7ff7e71f59d0 101243->101289 101246 7ff7e71f5d11 101320 7ff7e71e4354 11 API calls _get_daylight 101246->101320 101247 7ff7e71f5d29 101308 7ff7e71e6c2c 101247->101308 101251 7ff7e71f5d16 101321 7ff7e71e4374 11 API calls _get_daylight 101251->101321 101262 7ff7e71f5708 101262->101241 101288 7ff7e71e6c04 LeaveCriticalSection 101262->101288 101286->101237 101290 7ff7e71f59fc 101289->101290 101296 7ff7e71f5a16 101289->101296 101290->101296 101333 7ff7e71e4374 11 API calls _get_daylight 101290->101333 101292 7ff7e71f5a0b 101334 7ff7e71e9ce0 37 API calls _invalid_parameter_noinfo 101292->101334 101294 7ff7e71f5ae5 101307 7ff7e71f5b42 101294->101307 101339 7ff7e71e569c 37 API calls 2 library calls 101294->101339 101295 7ff7e71f5a94 101295->101294 101337 7ff7e71e4374 11 API calls _get_daylight 101295->101337 101296->101295 101335 7ff7e71e4374 11 API calls _get_daylight 101296->101335 101300 7ff7e71f5ada 101338 7ff7e71e9ce0 37 API calls _invalid_parameter_noinfo 101300->101338 101301 7ff7e71f5b3e 101301->101307 101340 7ff7e71e9d00 IsProcessorFeaturePresent 101301->101340 101302 7ff7e71f5a89 101336 7ff7e71e9ce0 37 
API calls _invalid_parameter_noinfo 101302->101336 101307->101246 101307->101247 101345 7ff7e71ef6b8 EnterCriticalSection 101308->101345 101320->101251 101321->101262 101333->101292 101335->101302 101337->101300 101339->101301 101341 7ff7e71e9d13 101340->101341 101344 7ff7e71e9a14 14 API calls 2 library calls 101341->101344 101343 7ff7e71e9d2e GetCurrentProcess TerminateProcess 101344->101343 101347 7ff7e71e7898 101346->101347 101350 7ff7e71e7374 101347->101350 101349 7ff7e71e78b1 101349->100625 101351 7ff7e71e738f 101350->101351 101352 7ff7e71e73be 101350->101352 101361 7ff7e71e9c14 37 API calls 2 library calls 101351->101361 101360 7ff7e71e421c EnterCriticalSection 101352->101360 101355 7ff7e71e73c3 101357 7ff7e71e73e0 38 API calls 101355->101357 101356 7ff7e71e73af 101356->101349 101358 7ff7e71e73cf 101357->101358 101359 7ff7e71e4228 _fread_nolock LeaveCriticalSection 101358->101359 101359->101356 101361->101356 101363 7ff7e71defd3 101362->101363 101364 7ff7e71df001 101362->101364 101373 7ff7e71e9c14 37 API calls 2 library calls 101363->101373 101367 7ff7e71deff3 101364->101367 101372 7ff7e71e421c EnterCriticalSection 101364->101372 101367->100629 101368 7ff7e71df018 101369 7ff7e71df034 72 API calls 101368->101369 101370 7ff7e71df024 101369->101370 101371 7ff7e71e4228 _fread_nolock LeaveCriticalSection 101370->101371 101371->101367 101373->101367 101374 7ff8a92f14ce 101375 7ff8a9317030 101374->101375 101376 7ff8a9317050 ERR_put_error 101375->101376 101377 7ff8a931707c 101375->101377 101378 7ff8a93170e6 101377->101378 101379 7ff8a93170b6 ASYNC_get_current_job 101377->101379 101381 7ff8a93170ec 101377->101381 101385 7ff8a92f1a0f 101378->101385 101379->101378 101380 7ff8a93170c0 101379->101380 101407 7ff8a931ef40 ERR_put_error 101380->101407 101383 7ff8a93170d9 101385->101381 101386 7ff8a9335a00 101385->101386 101387 7ff8a93360fa ERR_clear_error SetLastError 101386->101387 101388 7ff8a93363ec 101386->101388 101399 7ff8a9336113 101387->101399 101388->101381 101389 
7ff8a933641e 101391 7ff8a9336429 ERR_put_error 101389->101391 101393 7ff8a933647c ERR_put_error 101389->101393 101394 7ff8a9336451 101391->101394 101397 7ff8a9336213 101393->101397 101394->101393 101396 7ff8a933632d 101396->101389 101396->101397 101398 7ff8a93363dc BUF_MEM_free 101396->101398 101415 7ff8a9335be0 101396->101415 101426 7ff8a9336680 101396->101426 101397->101398 101398->101388 101399->101388 101399->101396 101400 7ff8a933628b BUF_MEM_grow 101399->101400 101402 7ff8a93362aa 101399->101402 101403 7ff8a93361eb ERR_put_error 101399->101403 101400->101402 101400->101403 101401 7ff8a93362bd ERR_put_error 101401->101397 101402->101401 101408 7ff8a92f118b 101402->101408 101403->101397 101406 7ff8a933631f 101406->101396 101406->101401 101407->101383 101408->101406 101409 7ff8a931e510 101408->101409 101410 7ff8a931e529 101409->101410 101411 7ff8a931e53e BIO_new 101409->101411 101410->101406 101412 7ff8a931e589 BIO_free ERR_put_error 101411->101412 101413 7ff8a931e54e 101411->101413 101412->101406 101413->101412 101414 7ff8a931e565 101413->101414 101414->101406 101422 7ff8a9335bfa 101415->101422 101417 7ff8a9335e9b ERR_put_error 101418 7ff8a9335cd6 101417->101418 101418->101396 101419 7ff8a9335e69 101419->101418 101440 7ff8a92f16a9 BIO_ctrl 101419->101440 101420 7ff8a9335e7d 101420->101417 101420->101418 101422->101418 101422->101419 101422->101420 101423 7ff8a9335f53 ERR_put_error 101422->101423 101424 7ff8a9335d7b BUF_MEM_grow_clean 101422->101424 101433 7ff8a92f1348 101422->101433 101437 7ff8a9338475 101422->101437 101423->101418 101424->101420 101424->101422 101430 7ff8a933669c 101426->101430 101427 7ff8a9336a0c ERR_put_error 101428 7ff8a93368fe 101427->101428 101428->101396 101430->101428 101431 7ff8a9336732 101430->101431 101492 7ff8a9337e38 101430->101492 101496 7ff8a92f1032 10 API calls 101430->101496 101431->101427 101431->101428 101433->101422 101434 7ff8a93467b0 101433->101434 101435 7ff8a93468d6 101434->101435 101441 7ff8a92f15d7 101434->101441 
101435->101422 101450 7ff8a92f16b8 101437->101450 101439 7ff8a933847d 101439->101422 101440->101418 101441->101434 101442 7ff8a92fc4f0 101441->101442 101443 7ff8a92fca06 memcpy 101442->101443 101444 7ff8a92fcbb0 memcpy 101442->101444 101445 7ff8a92fc9cb 101442->101445 101447 7ff8a92fc5c3 101442->101447 101448 7ff8a92fcca5 101442->101448 101443->101442 101444->101442 101446 7ff8a92fc9da BIO_clear_flags BIO_set_flags 101445->101446 101446->101447 101447->101434 101449 7ff8a92fccff BIO_snprintf ERR_add_error_data 101448->101449 101449->101447 101450->101439 101451 7ff8a933e150 101450->101451 101452 7ff8a933e16a OPENSSL_sk_new_null 101451->101452 101463 7ff8a933e19e 101452->101463 101467 7ff8a933e18a 101452->101467 101453 7ff8a933e6bf X509_free OPENSSL_sk_pop_free 101453->101439 101454 7ff8a933e281 d2i_X509 101454->101463 101454->101467 101455 7ff8a933e381 OPENSSL_sk_push 101455->101463 101455->101467 101456 7ff8a933e3ac 101468 7ff8a92f1299 101456->101468 101458 7ff8a933e3b7 101459 7ff8a933e42e ERR_clear_error 101458->101459 101458->101467 101460 7ff8a933e463 OPENSSL_sk_value X509_get0_pubkey 101459->101460 101459->101467 101461 7ff8a933e495 EVP_PKEY_missing_parameters 101460->101461 101460->101467 101464 7ff8a933e4a5 101461->101464 101461->101467 101462 7ff8a933e3fb CRYPTO_free 101462->101467 101463->101454 101463->101455 101463->101456 101463->101462 101465 7ff8a933e36b CRYPTO_free 101463->101465 101463->101467 101466 7ff8a933e547 X509_free X509_up_ref 101464->101466 101464->101467 101465->101455 101466->101467 101467->101453 101468->101458 101469 7ff8a930c7b0 101468->101469 101470 7ff8a930c7d9 OPENSSL_sk_num 101469->101470 101471 7ff8a930ca36 101469->101471 101470->101471 101472 7ff8a930c7e9 X509_STORE_CTX_new 101470->101472 101471->101458 101474 7ff8a930c85a OPENSSL_sk_value 101472->101474 101475 7ff8a930c81e ERR_put_error 101472->101475 101477 7ff8a930c875 101474->101477 101476 7ff8a930c840 101475->101476 101476->101458 101478 7ff8a930c879 ERR_put_error 
X509_STORE_CTX_free 101477->101478 101479 7ff8a930c8a5 101477->101479 101478->101476 101480 7ff8a930c907 X509_STORE_CTX_set_ex_data 101479->101480 101481 7ff8a930c91a 101480->101481 101482 7ff8a930ca27 X509_STORE_CTX_free 101480->101482 101483 7ff8a930c941 X509_STORE_CTX_set_default X509_VERIFY_PARAM_set1 101481->101483 101484 7ff8a930c926 OPENSSL_sk_num 101481->101484 101482->101471 101486 7ff8a930c979 X509_STORE_CTX_set_verify_cb 101483->101486 101487 7ff8a930c981 101483->101487 101484->101483 101485 7ff8a930c936 X509_STORE_CTX_set0_dane 101484->101485 101485->101483 101486->101487 101488 7ff8a930c9a7 X509_STORE_CTX_get_error OPENSSL_sk_pop_free X509_STORE_CTX_get0_chain 101487->101488 101489 7ff8a930ca18 X509_VERIFY_PARAM_move_peername 101488->101489 101490 7ff8a930c9e2 X509_STORE_CTX_get1_chain 101488->101490 101489->101482 101490->101489 101491 7ff8a930c9f6 ERR_put_error 101490->101491 101491->101489 101493 7ff8a9337e48 101492->101493 101495 7ff8a9337e61 101492->101495 101493->101495 101497 7ff8a92f1e5b 29 API calls 101493->101497 101495->101430 101496->101430 101497->101495 101498 7ff8a9336620 101499 7ff8a92f1023 101498->101499 101500 7ff8a933662c BIO_ctrl 101499->101500 101501 7ff8a933664f 101500->101501 101502 7ff8a9335a80 101503 7ff8a92f1023 101502->101503 101504 7ff8a9335a90 ERR_put_error 101503->101504 101505 7ff8a9335ac1 101504->101505 101506 7ff8a9309063 101507 7ff8a9309070 101506->101507 101508 7ff8a93090d9 101507->101508 101509 7ff8a93090f5 BIO_ctrl 101507->101509 101510 7ff8a9309114 101509->101510 101511 7ff8a8084db3 101513 7ff8a81c62f0 101511->101513 101512 7ff8a81c639d 101513->101512 101514 7ff8a81c67ef 101513->101514 101515 7ff8a81c67cc memmove 101513->101515 101514->101512 101519 7ff8a808279d memmove 101514->101519 101515->101514 101517 7ff8a81c6a59 101517->101512 101520 7ff8a808279d memmove 101517->101520 101519->101517 101520->101512 101521 7ff8a9313410 101522 7ff8a9313420 101521->101522 101523 7ff8a931346c 101522->101523 101524 7ff8a931342c 
101522->101524 101526 7ff8a931348b CRYPTO_THREAD_run_once 101523->101526 101531 7ff8a931345f 101523->101531 101525 7ff8a9313435 ERR_put_error 101524->101525 101524->101531 101525->101531 101527 7ff8a93134af 101526->101527 101526->101531 101528 7ff8a93134d8 101527->101528 101529 7ff8a93134b6 CRYPTO_THREAD_run_once 101527->101529 101530 7ff8a93134df CRYPTO_THREAD_run_once 101528->101530 101528->101531 101529->101528 101529->101531 101530->101531 101532 7ff8a9313590 101533 7ff8a931359a 101532->101533 101536 7ff8a92f1a1e 101533->101536 101535 7ff8a93135a2 101536->101535 101537 7ff8a93133c0 101536->101537 101538 7ff8a93133f4 101537->101538 101539 7ff8a93133e8 ERR_load_strings_const 101537->101539 101538->101535 101539->101538 101540 7ff7e71ee80c 101541 7ff7e71ee9fe 101540->101541 101543 7ff7e71ee84e _isindst 101540->101543 101587 7ff7e71e4374 11 API calls _get_daylight 101541->101587 101543->101541 101546 7ff7e71ee8ce _isindst 101543->101546 101544 7ff7e71dacd0 _wfindfirst32i64 8 API calls 101545 7ff7e71eea19 101544->101545 101561 7ff7e71f52e4 101546->101561 101551 7ff7e71eea2a 101553 7ff7e71e9d00 _wfindfirst32i64 17 API calls 101551->101553 101555 7ff7e71eea3e 101553->101555 101558 7ff7e71ee92b 101560 7ff7e71ee9ee 101558->101560 101586 7ff7e71f5328 37 API calls _isindst 101558->101586 101560->101544 101562 7ff7e71f52f3 101561->101562 101563 7ff7e71ee8ec 101561->101563 101588 7ff7e71ef6b8 EnterCriticalSection 101562->101588 101568 7ff7e71f46e8 101563->101568 101565 7ff7e71f52fb 101566 7ff7e71f530c 101565->101566 101567 7ff7e71f5154 55 API calls 101565->101567 101567->101566 101569 7ff7e71f46f1 101568->101569 101570 7ff7e71ee901 101568->101570 101589 7ff7e71e4374 11 API calls _get_daylight 101569->101589 101570->101551 101574 7ff7e71f4718 101570->101574 101572 7ff7e71f46f6 101590 7ff7e71e9ce0 37 API calls _invalid_parameter_noinfo 101572->101590 101575 7ff7e71f4721 101574->101575 101576 7ff7e71ee912 101574->101576 101591 7ff7e71e4374 11 API calls _get_daylight 
101575->101591 101576->101551 101580 7ff7e71f4748 101576->101580 101578 7ff7e71f4726 101592 7ff7e71e9ce0 37 API calls _invalid_parameter_noinfo 101578->101592 101581 7ff7e71f4751 101580->101581 101582 7ff7e71ee923 101580->101582 101593 7ff7e71e4374 11 API calls _get_daylight 101581->101593 101582->101551 101582->101558 101584 7ff7e71f4756 101594 7ff7e71e9ce0 37 API calls _invalid_parameter_noinfo 101584->101594 101586->101560 101587->101560 101589->101572 101591->101578 101593->101584 101595 7ff8a8082982 101596 7ff8a8248320 101595->101596 101597 7ff8a8248357 101596->101597 101603 7ff8a8248e00 memmove 101596->101603 101599 7ff8a824842f 101599->101597 101604 7ff8a8248e00 memmove 101599->101604 101601 7ff8a82484b2 101601->101597 101605 7ff8a808292d _time64 101601->101605 101603->101599 101604->101601 101605->101597 101606 7ff8a92f1bf9 101607 7ff8a9314d80 101606->101607 101608 7ff8a9314da4 ERR_put_error 101607->101608 101610 7ff8a9314dd4 101607->101610 101609 7ff8a9314dc2 101608->101609 101610->101609 101611 7ff8a9314e58 CRYPTO_zalloc 101610->101611 101612 7ff8a9314df2 ERR_put_error 101610->101612 101613 7ff8a9314e14 101611->101613 101614 7ff8a9314e77 CRYPTO_THREAD_lock_new 101611->101614 101612->101613 101615 7ff8a9314e1f ERR_put_error 101613->101615 101634 7ff8a9314e41 101613->101634 101617 7ff8a9314ef8 101614->101617 101618 7ff8a9314ebe ERR_put_error CRYPTO_free 101614->101618 101615->101634 101617->101613 101619 7ff8a9314f1e OPENSSL_LH_new 101617->101619 101618->101634 101619->101613 101620 7ff8a9314f3e 101619->101620 101620->101613 101621 7ff8a9314fb1 OPENSSL_sk_num 101620->101621 101621->101613 101622 7ff8a9314fc2 101621->101622 101622->101613 101623 7ff8a9314fd7 EVP_get_digestbyname 101622->101623 101623->101613 101624 7ff8a9314fff EVP_get_digestbyname 101623->101624 101624->101613 101625 7ff8a9315027 OPENSSL_sk_new_null 101624->101625 101625->101613 101626 7ff8a931503c OPENSSL_sk_new_null 101625->101626 101626->101613 101627 7ff8a9315051 CRYPTO_new_ex_data 
101626->101627 101627->101613 101628 7ff8a931506d 101627->101628 101628->101613 101629 7ff8a93150ad RAND_bytes 101628->101629 101630 7ff8a93150d8 RAND_priv_bytes 101629->101630 101631 7ff8a9315106 101629->101631 101630->101631 101632 7ff8a93150ed RAND_priv_bytes 101630->101632 101633 7ff8a9315110 RAND_priv_bytes 101631->101633 101632->101631 101632->101633 101633->101613
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
• Associated: 00000002.00000002.4723706386.00007FF8A92F0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723733276.00007FF8A9362000.00000020.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723807412.00007FF8A9364000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723835100.00007FF8A9387000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723863739.00007FF8A938C000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723863739.00007FF8A9392000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723863739.00007FF8A9399000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
Similarity
• API ID: D_sizeO_memcmpR_flagsX_cipherX_md
• String ID: $..\s\ssl\record\ssl3_record.c$@$CONNE$GET $HEAD $POST $PUT
• API String ID: 2456506815-352295518
• Opcode ID: 78c7445cb9e8f13d37dab6a83bc7be3f6aca956914f3d1ac50c01b0496899a75
• Instruction ID: d5e9553c1d9f032e5604ae9f25c31afbee01197f86c9d8ffdfad49741c946e42
• Opcode Fuzzy Hash: 78c7445cb9e8f13d37dab6a83bc7be3f6aca956914f3d1ac50c01b0496899a75
• Instruction Fuzzy Hash: 7072A032A0EAC296FB208E55D4447BA76B1EB44BC8F145175DA8E8B7D8CF7CE585CB00

Control-flow Graph

• Executed
• Not Executed
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
• Associated: 00000002.00000002.4723706386.00007FF8A92F0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723733276.00007FF8A9362000.00000020.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723807412.00007FF8A9364000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723835100.00007FF8A9387000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723863739.00007FF8A938C000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723863739.00007FF8A9392000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723863739.00007FF8A9399000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
Similarity
• API ID: R_put_error
                                                                                                                                                                                                                                • String ID: ..\s\ssl\ssl_lib.c$ALL:!COMPLEMENTOFDEFAULT:!eNULL$TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256$ssl3-md5$ssl3-sha1
                                                                                                                                                                                                                                • API String ID: 1767461275-1115027282
                                                                                                                                                                                                                                • Opcode ID: 8f48da3a84b31fc95d831133bfce5bd43d82fa839a3b326f7652dd2b7ced4813
                                                                                                                                                                                                                                • Instruction ID: 98da5515411dbd37aaf86b035f3d177731a54fa6152162e2d0b42b534840ec0f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8f48da3a84b31fc95d831133bfce5bd43d82fa839a3b326f7652dd2b7ced4813
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A5A14B61A0EFC2A5FF50DF25E4553A832B0EF48B88F542135DA4C8A39AEF7CE5548321

Control-flow Graph
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
• Associated: 00000002.00000002.4723706386.00007FF8A92F0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723733276.00007FF8A9362000.00000020.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723807412.00007FF8A9364000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723835100.00007FF8A9387000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723863739.00007FF8A938C000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723863739.00007FF8A9392000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723863739.00007FF8A9399000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
Similarity
• API ID: L_sk_new_nullL_sk_pop_freeX509X509_freed2i_
• String ID: ..\s\ssl\statem\statem_clnt.c
• API String ID: 1068509327-1507966698
• Opcode ID: d60065ac7b169bd453d18a6eac763743a4a4253f155781a9ab999192c92f6d1b
• Instruction ID: 8e821ebc99aeb1ea6773b5278ca11ddc84d9eb8579bd655efba05d879894ad77
• Opcode Fuzzy Hash: d60065ac7b169bd453d18a6eac763743a4a4253f155781a9ab999192c92f6d1b
• Instruction Fuzzy Hash: B2E1AF72B0EAC196E7309F16D4407AA77A0EB84BC8F449139DA9D87B99DF3CE551CB00

Control-flow Graph
APIs
• _get_daylight.LIBCMT ref: 00007FF7E71F4D95
  • Part of subcall function 00007FF7E71F46E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E71F46FC
  • Part of subcall function 00007FF7E71E9D48: HeapFree.KERNEL32(?,?,?,00007FF7E71F1D72,?,?,?,00007FF7E71F1DAF,?,?,00000000,00007FF7E71F2275,?,?,?,00007FF7E71F21A7), ref: 00007FF7E71E9D5E
  • Part of subcall function 00007FF7E71E9D48: GetLastError.KERNEL32(?,?,?,00007FF7E71F1D72,?,?,?,00007FF7E71F1DAF,?,?,00000000,00007FF7E71F2275,?,?,?,00007FF7E71F21A7), ref: 00007FF7E71E9D68
  • Part of subcall function 00007FF7E71E9D00: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7E71E9CDF,?,?,?,?,?,00007FF7E71E211C), ref: 00007FF7E71E9D09
  • Part of subcall function 00007FF7E71E9D00: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7E71E9CDF,?,?,?,?,?,00007FF7E71E211C), ref: 00007FF7E71E9D2E
• _get_daylight.LIBCMT ref: 00007FF7E71F4D84
  • Part of subcall function 00007FF7E71F4748: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E71F475C
• _get_daylight.LIBCMT ref: 00007FF7E71F4FFA
• _get_daylight.LIBCMT ref: 00007FF7E71F500B
• _get_daylight.LIBCMT ref: 00007FF7E71F501C
• GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7E71F525C), ref: 00007FF7E71F5043
Strings
Memory Dump Source
• Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
• Associated: 00000002.00000002.4721984887.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722042007.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722071537.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722071537.00007FF7E7210000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722071537.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722145998.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
Similarity
• API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
• String ID: Eastern Standard Time$Eastern Summer Time
• API String ID: 4070488512-239921721
• Opcode ID: 9604240e68820e5562e5c5bdf89ef322da5820e448d3a90649f181d06af63343
• Instruction ID: 65339d913b94eb0a5e10f87a0746d84686f3380d16f0c102bb8684e649c7dbf7
• Opcode Fuzzy Hash: 9604240e68820e5562e5c5bdf89ef322da5820e448d3a90649f181d06af63343
• Instruction Fuzzy Hash: DBD1CF26A0875286E728BF25E8403B9A261FFC4794F844137EF6D47686DF3CE4538762

Control-flow Graph
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
• Associated: 00000002.00000002.4721984887.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722042007.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722071537.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722071537.00007FF7E7210000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722071537.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722145998.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1617910340-0
                                                                                                                                                                                                                                • Opcode ID: 632e748b839932f5b00ec5f176d5a067dee1d4c4f3157cbf34afbb6f699b0397
                                                                                                                                                                                                                                • Instruction ID: 96cc182db4407940e0487c6f38c8e5f2927640bbd52c924e9c8c78a9e02ff2e4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 632e748b839932f5b00ec5f176d5a067dee1d4c4f3157cbf34afbb6f699b0397
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 48C1F536B24B4186EB14EF64D4807AC7761FB89B98B510236DF2E97394CF38D466C311

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7E71F4FFA
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71F4748: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E71F475C
                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7E71F500B
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71F46E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E71F46FC
                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7E71F501C
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71F4718: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E71F472C
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71E9D48: HeapFree.KERNEL32(?,?,?,00007FF7E71F1D72,?,?,?,00007FF7E71F1DAF,?,?,00000000,00007FF7E71F2275,?,?,?,00007FF7E71F21A7), ref: 00007FF7E71E9D5E
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71E9D48: GetLastError.KERNEL32(?,?,?,00007FF7E71F1D72,?,?,?,00007FF7E71F1DAF,?,?,00000000,00007FF7E71F2275,?,?,?,00007FF7E71F21A7), ref: 00007FF7E71E9D68
                                                                                                                                                                                                                                • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7E71F525C), ref: 00007FF7E71F5043
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
• Associated: 00000002.00000002.4721984887.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722042007.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722071537.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722071537.00007FF7E7210000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722071537.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722145998.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                • API String ID: 3458911817-239921721
                                                                                                                                                                                                                                • Opcode ID: 35e2d5c93137b8b0a027e840dca31b369a239d429a1659609ffe838318533280
                                                                                                                                                                                                                                • Instruction ID: 8f04323fa3229e03df4e870a358000656c322c9fe85baf0497456a4b7b9c0a96
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 35e2d5c93137b8b0a027e840dca31b369a239d429a1659609ffe838318533280
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A5518F32A1875286E724FF21E8803A9A764FF88784FC44137EB6D47696DF3CE4128761

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
• Associated: 00000002.00000002.4723706386.00007FF8A92F0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723733276.00007FF8A9362000.00000020.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723807412.00007FF8A9364000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723835100.00007FF8A9387000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723863739.00007FF8A938C000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723863739.00007FF8A9392000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723863739.00007FF8A9399000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: D_run_once$R_put_error
                                                                                                                                                                                                                                • String ID: ..\s\ssl\ssl_init.c
                                                                                                                                                                                                                                • API String ID: 511881677-1166085723
                                                                                                                                                                                                                                • Opcode ID: 8dc15caf5e793a17cf2c4443d9441d652af2a4ece5e413b0ca58bf89426d50fc
                                                                                                                                                                                                                                • Instruction ID: f0c8337ab6000670e738c5b2d637c8fb32b2c754739da04c44a371f8defcdca1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8dc15caf5e793a17cf2c4443d9441d652af2a4ece5e413b0ca58bf89426d50fc
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 72210C25E0E983AAFE419F15E8502B622B1EF947C4F996034D90DC21A6EF7CE9598704

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
• Associated: 00000002.00000002.4721984887.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722042007.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722071537.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722071537.00007FF7E7210000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722071537.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722145998.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _fread_nolock$Message_invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                                                                                                • API String ID: 2153230061-4158440160
                                                                                                                                                                                                                                • Opcode ID: 8ec4f6c900cc7d0aa3490cd3924a88f7ba7b866ef6c0a43daa6862f8611de3f4
                                                                                                                                                                                                                                • Instruction ID: 3804ac050ed35f54fc5191fd7c15555d91f40baff757bbb0da3ad7d18b535726
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8ec4f6c900cc7d0aa3490cd3924a88f7ba7b866ef6c0a43daa6862f8611de3f4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C515F71A0970286EB18EF24E491378A3A1FF88B59B954137DB2D83395DF3CE542CB52

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723706386.00007FF8A92F0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723733276.00007FF8A9362000.00000020.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723807412.00007FF8A9364000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723835100.00007FF8A9387000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A938C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A9392000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A9399000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: R_put_error$ErrorLastM_freeM_growR_clear_error
                                                                                                                                                                                                                                • String ID: ..\s\ssl\statem\statem.c
                                                                                                                                                                                                                                • API String ID: 2562538362-2512360314
                                                                                                                                                                                                                                • Opcode ID: 296d12bbc42577eb09a30cebe784a923d4f0f2cde1909dd2651feff315b0fb17
                                                                                                                                                                                                                                • Instruction ID: ce181e72181a057c7167721e5a441e0856c5625c9299ea9090b35d315a7081a0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 296d12bbc42577eb09a30cebe784a923d4f0f2cde1909dd2651feff315b0fb17
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 49B18432A4EAC2AAFB648F16C44137E36B0EB44B9CF146439D94DC6699CF7DE885C700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723706386.00007FF8A92F0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723733276.00007FF8A9362000.00000020.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723807412.00007FF8A9364000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723835100.00007FF8A9387000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A938C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A9392000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A9399000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy$O_clear_flagsO_set_flags
                                                                                                                                                                                                                                • String ID: ..\s\ssl\record\rec_layer_s3.c$SSL alert number
                                                                                                                                                                                                                                • API String ID: 1692547093-34800109
                                                                                                                                                                                                                                • Opcode ID: 5d05621fcc1348929402f3f859357ca16d7f05f02e401d34754fc350e2027cd8
                                                                                                                                                                                                                                • Instruction ID: 05f373016bf8b362c9536b9cb95594a327d69fffa61a0eca58608ddebb813a13
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d05621fcc1348929402f3f859357ca16d7f05f02e401d34754fc350e2027cd8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9342A932A0EAC2E6FA68CE15D5447B936A5FB85BC4F144135CA6D87B8CCFBDE4618700

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4721984887.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722042007.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E7210000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722145998.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Message
                                                                                                                                                                                                                                • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                                • Opcode ID: 2e5092e6f90f0761c3f02bbacc60715018b286ec10017a78fb6877a498183532
                                                                                                                                                                                                                                • Instruction ID: eca12d9aa26068d544d76436a529178d321094646e9c759a61895fbc2ec8e82a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2e5092e6f90f0761c3f02bbacc60715018b286ec10017a78fb6877a498183532
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0E418C22A0874281EA14FB16F4803AAE3A0EF84795F854433DF6D03A45EF7CE5439B22

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D3B80: GetModuleFileNameW.KERNEL32(?,00007FF7E71D3679), ref: 00007FF7E71D3BB1
                                                                                                                                                                                                                                • SetDllDirectoryW.KERNEL32 ref: 00007FF7E71D3885
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D6970: GetEnvironmentVariableW.KERNEL32(00007FF7E71D36C7), ref: 00007FF7E71D69AA
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D6970: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7E71D69C7
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4721984887.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722042007.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E7210000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722145998.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                                                                                                • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                                                                • API String ID: 2344891160-3602715111
                                                                                                                                                                                                                                • Opcode ID: 66f6e979e7117d0fd9cffebc0098d017bf6a8aea12f951111d67548da8fee6b4
                                                                                                                                                                                                                                • Instruction ID: 206b906c5899189a66096f3e8e6ebf7fbd47e3c84ff32ff8bb89dec1a31cfcb7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 66f6e979e7117d0fd9cffebc0098d017bf6a8aea12f951111d67548da8fee6b4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E4B1A261A1C78381EE64BB21F4913B99251AFC5786FC40133EB6D47696EE3CE5078B22

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4721984887.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722042007.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E7210000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722145998.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Message
                                                                                                                                                                                                                                • String ID: 1.2.12$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                • API String ID: 2030045667-1282086711
                                                                                                                                                                                                                                • Opcode ID: 46025cdabab53e8e2b2efccd93d99b66e202f7486fae8c287b4d96ca92b427b8
                                                                                                                                                                                                                                • Instruction ID: 99c2ee190ca1ebcfd6159c8ca57f0d2af22056bc9655f696f0aadcff51b7e92f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 46025cdabab53e8e2b2efccd93d99b66e202f7486fae8c287b4d96ca92b427b8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A851A322A0878285EA20BB11F4803BAA290FBC5795F994137DF6D47785EF3CE546DB12

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4721984887.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722042007.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E7210000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722145998.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                • Opcode ID: 52e28160fca86a7eeceb88bd81f6b9396e1938daf65dac55fe125d3a7a8202fa
                                                                                                                                                                                                                                • Instruction ID: 7c0fcea998c95bcc6e8c71980a1e775690048219f2d545c4a73dc03c9f4198d2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 52e28160fca86a7eeceb88bd81f6b9396e1938daf65dac55fe125d3a7a8202fa
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 59C1D232A0C78743EA20AB15F4447BDA6A1EFD1BD0F950133EA6D83691CE7CE4478762

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723706386.00007FF8A92F0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723733276.00007FF8A9362000.00000020.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723807412.00007FF8A9364000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723835100.00007FF8A9387000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A938C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A9392000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A9399000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy$ErrorLastO_read
                                                                                                                                                                                                                                • String ID: ..\s\ssl\record\rec_layer_s3.c
                                                                                                                                                                                                                                • API String ID: 1958097105-2209325370
                                                                                                                                                                                                                                • Opcode ID: edae120d9fe35d59facf5a4fe08dee76e3214904c657c5600ab7b13dad1e873c
                                                                                                                                                                                                                                • Instruction ID: e1c399bfcc0dc470b554768ae458b1e705e2cd10e0a91a6c415f2dc9ca16912f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: edae120d9fe35d59facf5a4fe08dee76e3214904c657c5600ab7b13dad1e873c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EA817932A0EAC5D1FB509E25D5443A922E0FB44BC8F588135DEAC8BB8DDFB8D465C780
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • BUF_MEM_grow_clean.LIBCRYPTO-1_1(?,?,?,00000000,?,-00000031,00007FF8A9336392), ref: 00007FF8A9335D94
                                                                                                                                                                                                                                • ERR_put_error.LIBCRYPTO-1_1(?,?,?,00000000,?,-00000031,00007FF8A9336392), ref: 00007FF8A9335EAC
                                                                                                                                                                                                                                • ERR_put_error.LIBCRYPTO-1_1(?,?,?,00000000,?,-00000031,00007FF8A9336392), ref: 00007FF8A9335F72
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723706386.00007FF8A92F0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723733276.00007FF8A9362000.00000020.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723807412.00007FF8A9364000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723835100.00007FF8A9387000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A938C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A9392000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A9399000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: R_put_error$M_grow_clean
                                                                                                                                                                                                                                • String ID: ..\s\ssl\statem\statem.c
                                                                                                                                                                                                                                • API String ID: 1147295381-2512360314
                                                                                                                                                                                                                                • Opcode ID: ee35d050ad6db79da5008e9e714a3e8c6f452bf8ee6c6557c9d3fa53c98701f8
                                                                                                                                                                                                                                • Instruction ID: feab8c32ead732277f1726ab72e29e3ee4188fc9e3284f95dccb601d977b8d5f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ee35d050ad6db79da5008e9e714a3e8c6f452bf8ee6c6557c9d3fa53c98701f8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6CA19C3664FAC2E5FB608F25D4483BA27A0EB44B88F58513ADA5D876D8CF7DE485C700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_new
                                                                                                                                                                                                                                • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                • API String ID: 458078758-1080266419
                                                                                                                                                                                                                                • Opcode ID: ae28cb8009324df947ebf838b1cee4652da6ae79bd4c65a6c612b91cd11983c7
                                                                                                                                                                                                                                • Instruction ID: 9983e4f1534679151f4b84a06f898164cdca9220e803177c55fa3206c13147f6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ae28cb8009324df947ebf838b1cee4652da6ae79bd4c65a6c612b91cd11983c7
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 57117762B0EA8266EA50DF66F4017A972B0EF487C4F542530EA0D87796EF3DE5518600
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4170891091-0
                                                                                                                                                                                                                                • Opcode ID: 1dd24f7105ff8e7d48a2fb442a16f04649d1343116b9e24a6dd38911d1b00d9f
                                                                                                                                                                                                                                • Instruction ID: 5fc05e566292fec6398c92f45ac60231415cde74061cfcb4584ba4808c90fa42
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1dd24f7105ff8e7d48a2fb442a16f04649d1343116b9e24a6dd38911d1b00d9f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6451C872F083124BFB24EB64E94577CA6A5FB84368F900236DE2D926E5DB38A447C711
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2780335769-0
                                                                                                                                                                                                                                • Opcode ID: 2c803cf069e940bc8ce2885be35e730a536e5e4cf13c1f700208f7e9b675e8ba
                                                                                                                                                                                                                                • Instruction ID: 5cf8ecda696eed258353274d534eb0b4151dec9a5927f01e5923ab60152cbe32
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2c803cf069e940bc8ce2885be35e730a536e5e4cf13c1f700208f7e9b675e8ba
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4C518F22E147418BF714EFA1E4517BDB3A1EF88B58F944136EE1997644DF38D4438362
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1452418845-0
                                                                                                                                                                                                                                • Opcode ID: fe3ada7a8cc56a4ed65094338cfa1a217e5e95ba653fb5ab557310939df0f8c4
                                                                                                                                                                                                                                • Instruction ID: 3a94079f42b44c5e37c0f907344d0347de1146785a8db8883c9040ddad85c647
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fe3ada7a8cc56a4ed65094338cfa1a217e5e95ba653fb5ab557310939df0f8c4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A5312921A0831246EA24FB64F4913B9A2919FC5785FC45437EB6E476D3DE3CA8078A37
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1279662727-0
                                                                                                                                                                                                                                • Opcode ID: e466375c137080442015770c21472d3ddd744ca47b074c7543c7a5c04326b230
                                                                                                                                                                                                                                • Instruction ID: cc6822e53737935bfb1f01499ba5502ff25baf10b94d21ea895256e1dee01bc2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e466375c137080442015770c21472d3ddd744ca47b074c7543c7a5c04326b230
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D941A362D1878283F714AB61E500369A360FFD97A4F509336FAAC43AD1DF7CA5E28711
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: C_get_current_jobR_put_error
                                                                                                                                                                                                                                • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                • API String ID: 4281227279-1080266419
                                                                                                                                                                                                                                • Opcode ID: 35882b277f4ccf6b679517ba44a77984db9ce87ed62e302cee43e7f28ac90b82
                                                                                                                                                                                                                                • Instruction ID: f14f0b25d80a6812154d49c50fca8175c2671ff929145c0d5983a252e72ceffe
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 35882b277f4ccf6b679517ba44a77984db9ce87ed62e302cee43e7f28ac90b82
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C215622A1DA8696EE50DF25F4402B923A0EF84BC4F585131DE59873AAEF7CD5558A00
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ERR_put_error.LIBCRYPTO-1_1(?,?,00000000,?,00007FF8A93363AE), ref: 00007FF8A9336A1D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723706386.00007FF8A92F0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723733276.00007FF8A9362000.00000020.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723807412.00007FF8A9364000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723835100.00007FF8A9387000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A938C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A9392000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A9399000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: R_put_error
                                                                                                                                                                                                                                • String ID: ..\s\ssl\statem\statem.c
                                                                                                                                                                                                                                • API String ID: 1767461275-2512360314
                                                                                                                                                                                                                                • Opcode ID: 5da4c13888971a3ceaf264271430cc03a6bbf4e53f30d701daf9ea4bde550c43
                                                                                                                                                                                                                                • Instruction ID: 38cac7238045f3e3460c881a54af5a936a49408d849116ed8cacb580b429a2de
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5da4c13888971a3ceaf264271430cc03a6bbf4e53f30d701daf9ea4bde550c43
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B7B17E3265EAC2EAFF648F26C45537A23B1EB45B8CF44613ACA4D86698DF3DD844C701
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4721984887.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722042007.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E7210000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722145998.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                • Opcode ID: 93d406eb751f86c607dc13eaaa054d8705ba3ff266a8700b2758b39221051539
                                                                                                                                                                                                                                • Instruction ID: 9507722e682e0b319e909525771aefb334cb4e2e9927a2759eecda63a6097426
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 93d406eb751f86c607dc13eaaa054d8705ba3ff266a8700b2758b39221051539
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB51EA31A093D246E624AD25F44477AA194AFC0BA9F444736DF7D477C5CF3CE602CA22
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetFilePointerEx.KERNEL32(?,?,?,?,00000000,00007FF7E71EB6CD), ref: 00007FF7E71EB580
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,00000000,00007FF7E71EB6CD), ref: 00007FF7E71EB58A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4721984887.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722042007.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E7210000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722145998.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2976181284-0
                                                                                                                                                                                                                                • Opcode ID: 9f733d69f420b8b04d1076dad759c709488f53e52c8dcc29dc1aedb5cdeb4cec
                                                                                                                                                                                                                                • Instruction ID: 46c1e04058d50701c9ad7c362c6e005b3294e36773825313b97414da1f64b7e2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9f733d69f420b8b04d1076dad759c709488f53e52c8dcc29dc1aedb5cdeb4cec
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3D11D061A18B9182DA20AB25F400269A361EF85BF0F940332EA7D477E8CE3CD4528B01
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E71E47C1), ref: 00007FF7E71E48DF
                                                                                                                                                                                                                                • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E71E47C1), ref: 00007FF7E71E48F5
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4721984887.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722042007.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E7210000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722145998.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1707611234-0
                                                                                                                                                                                                                                • Opcode ID: 3187d087db2b214abcb8657b9371278066060ab850da1b3f30db97418e55af6d
                                                                                                                                                                                                                                • Instruction ID: dddedb3e1509ce50a058ccb0ccd1edee32fccbcefcea2b7bea857b2855c37995
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3187d087db2b214abcb8657b9371278066060ab850da1b3f30db97418e55af6d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 74116D2260C74282EA54AB14F44123AE760FBC57B1F901237FAAE819D8EF3CD016CB21
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,00007FF7E71E9DD5,?,?,00000000,00007FF7E71E9E8A), ref: 00007FF7E71E9FC6
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF7E71E9DD5,?,?,00000000,00007FF7E71E9E8A), ref: 00007FF7E71E9FD0
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4721984887.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722042007.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E7210000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722145998.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 918212764-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _fread_nolock
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 840049012-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_ctrl
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3605655398-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                • Opcode ID: 517f1388def26b6ea6af1a1c77ba5c260dc8b33e60c43458f0534b05beae82e8
                                                                                                                                                                                                                                • Instruction ID: 2edfabc7aea7aca3999b4d266a4e3cb37beb4b3dcd736f35b180bb0ece25a381
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 517f1388def26b6ea6af1a1c77ba5c260dc8b33e60c43458f0534b05beae82e8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0621A132A18B4187D765AF18E440369B6A0FFC4BA4FA44236E76D876D9DF3CD4128B11
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                • Opcode ID: 1748ab499dec2cd63d41733e33088bccb1bfcf71d5c0ce3e5d0110a60e1804e7
                                                                                                                                                                                                                                • Instruction ID: 075add938526e6add54a656cdde05b1e9268bb35aeeac88a2200b88d2e4590d1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1748ab499dec2cd63d41733e33088bccb1bfcf71d5c0ce3e5d0110a60e1804e7
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0A01A021A0878241EA04EF52F940269E6A5ABC5FE4F884632EE7C43BD6CF3CE2124711
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: R_put_error
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1767461275-0
                                                                                                                                                                                                                                • Opcode ID: 00dd9aa0f52b20b2f250f88351cccc6dc7c495ae7f96e3d9caa135d60be24943
                                                                                                                                                                                                                                • Instruction ID: de6251b0518d7d7ab494ca5b05153f76f9d02d6a2db05d1f19501e111aac5797
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 00dd9aa0f52b20b2f250f88351cccc6dc7c495ae7f96e3d9caa135d60be24943
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BE01D63261E6C186E7658E29D44836962A0FB45BCCF141139EE5D877EACA7DD840CF01
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_ctrl
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3605655398-0
                                                                                                                                                                                                                                • Opcode ID: 92d6e5a1c29aaee1e2fe7278d4f29ff922a1999f8b65debc09121ab47c522004
                                                                                                                                                                                                                                • Instruction ID: 6ff8918c3a7974e71065f48f125004f0a7b83fd6933952c4f8010fc0f1b156be
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 92d6e5a1c29aaee1e2fe7278d4f29ff922a1999f8b65debc09121ab47c522004
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B3E048E3B0654146F7109B659486B6526A0EB4C758F542030DA0CC6682E6A9D8E28A00
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D79A0: MultiByteToWideChar.KERNEL32 ref: 00007FF7E71D79DA
                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7E71D309E), ref: 00007FF7E71D7143
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2592636585-0
                                                                                                                                                                                                                                • Opcode ID: 6a36299e949ae3c67a600344f3c976aeb7534549cea4526ad6a1ea83c7cd138f
                                                                                                                                                                                                                                • Instruction ID: 3342655acf62e96bd6b93de5f1fbcce7503727bc5507f8fe18ba90ee7f425037
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6a36299e949ae3c67a600344f3c976aeb7534549cea4526ad6a1ea83c7cd138f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4EE02612B1824142DE0CA767F90116AE1519FC8BD0B889032EF1D03B05DD3CD4924A00
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: R_load_strings_const
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 78401305-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(?,?,00000000,00007FF7E71EA7E6,?,?,?,00007FF7E71E99A3,?,?,00000000,00007FF7E71E9C3E), ref: 00007FF7E71EDCC5
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocHeap
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4292702814-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(?,?,?,00007FF7E71DFD74,?,?,?,00007FF7E71E1286,?,?,?,?,?,00007FF7E71E2879), ref: 00007FF7E71ECA3A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocHeap
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4292702814-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: E_finishY_asn1_find_strY_asn1_get0_info$J_nid2sn$D_sizeP_get_digestbyname
                                                                                                                                                                                                                                • String ID: `$gost-mac$gost-mac-12$gost2001$gost2012_256$gost2012_512
                                                                                                                                                                                                                                • API String ID: 910905907-344903700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                                                                                                                                                                                                • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                                                                • API String ID: 2446303242-1601438679
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_free$L_sk_free$L_sk_pop_free$E_freeX509_$D_lock_freeD_unlockD_write_lockE_finishH_freeH_set_down_loadM_freeO_free_ex_dataO_secure_free
                                                                                                                                                                                                                                • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                • API String ID: 1978915437-1080266419
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: R_put_error
                                                                                                                                                                                                                                • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                • API String ID: 1767461275-1080266419
                                                                                                                                                                                                                                • Opcode ID: 94c1324b787a801633dba7bb4ef5eedc7beded623dd66a05d76f6519222e4afe
                                                                                                                                                                                                                                • Instruction ID: 502323c0d5becbd57fe8351be5bea1a4e8a1aa96ae2ab1504594f4285e08d493
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 94c1324b787a801633dba7bb4ef5eedc7beded623dd66a05d76f6519222e4afe
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DFD1B162A0EAD266FE20DF12E4107BA72B1EB847C8F506535DA4D877E5EF3CD5828700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_free$X509_get0_pubkeyX_freeX_new
                                                                                                                                                                                                                                • String ID: ..\s\ssl\statem\statem_lib.c
                                                                                                                                                                                                                                • API String ID: 1476775391-2839845709
                                                                                                                                                                                                                                • Opcode ID: c67be3e57d0090ebd1ff3e0bddfe18cfb2956b76ef896d0b00e2ddf66be9d8bc
                                                                                                                                                                                                                                • Instruction ID: 63335c5375788147cfc788edf20fff7ea60c1328f0ddfaf6c7af874a787a55cd
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c67be3e57d0090ebd1ff3e0bddfe18cfb2956b76ef896d0b00e2ddf66be9d8bc
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BEE18E3260EAC2A6EB249F12D4407AA77B4FB84BC9F456031DA8D8BB95DF7CE545C700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: L_sk_value$L_sk_num$L_sk_push$L_sk_findL_sk_freeL_sk_new_reserveP_sha256
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1426113972-0
                                                                                                                                                                                                                                • Opcode ID: acb547e4507013a0a7d8a9383266d5c1f62a86160be9c10087eb4094dd91ec03
                                                                                                                                                                                                                                • Instruction ID: 5dcbbaae2d779882a8ad2a27e34a75d9f733e660d019a361f6acf6ee53549752
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: acb547e4507013a0a7d8a9383266d5c1f62a86160be9c10087eb4094dd91ec03
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B8A1CE69A0FAC25AEB649E56808477A22F1FB84BC8F547475DD4EC7796CF3CE8818700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: R_put_error
                                                                                                                                                                                                                                • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                • API String ID: 1767461275-1080266419
                                                                                                                                                                                                                                • Opcode ID: 6cec8d3873de1cde41f267993ccb6412c4c53de7e19fb531cd3d6bfe4fe4fdbd
                                                                                                                                                                                                                                • Instruction ID: 4c98cc557349f78b59f187b1aa3d3c6c040feb75de8991473516e6d7e83dc1f4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6cec8d3873de1cde41f267993ccb6412c4c53de7e19fb531cd3d6bfe4fe4fdbd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 13D14A2260AEC2A6EB58DF65D4403BD73B0FB48B84F586035DB1E87795EF38E4628710
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ByteCharMultiWide_errno$FileFind$ErrorFirstLastNextfreemallocmemset
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3372420414-0
                                                                                                                                                                                                                                • Opcode ID: 9d4875aaf23f410f68e283139661865cbaf76c1e9f82268e5aeab3ef4883c66a
                                                                                                                                                                                                                                • Instruction ID: 8e91fb524ecbca7a72ba529a4229507ef15ccfcd7dd8964b988c1970a24ece82
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9d4875aaf23f410f68e283139661865cbaf76c1e9f82268e5aeab3ef4883c66a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 56B1B362E06A8296EB109F25D4542B977A1FF49BE4F444731DA6E437D9FF3CE0418328
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: EnvironmentVariable$ByteCharMultiWide
                                                                                                                                                                                                                                • String ID: .rnd$HOME$RANDFILE$SYSTEMROOT$USERPROFILE
                                                                                                                                                                                                                                • API String ID: 2184640988-1666712896
                                                                                                                                                                                                                                • Opcode ID: 5ebd83b74752af6dfb4dc67d560d70e7a8fd861d60dd0b3d1ec21f852282ba6c
                                                                                                                                                                                                                                • Instruction ID: d9be1bc3931b1e90c95352b4f7c605fd94cdc1ddf606ab93d6f71aaf047bb17f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5ebd83b74752af6dfb4dc67d560d70e7a8fd861d60dd0b3d1ec21f852282ba6c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2261D52260AB82A5EB108F25A85017967A1FF45BF4F588231DE6E437E8DF7DE016C724
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_mallocR_put_error$O_free
                                                                                                                                                                                                                                • String ID: ..\s\ssl\statem\statem_dtls.c$R
                                                                                                                                                                                                                                • API String ID: 1091011155-469809446
                                                                                                                                                                                                                                • Opcode ID: 02adae34f141b8c54bdd98b7501d703c722505631c2a981cd8a002c201db5def
                                                                                                                                                                                                                                • Instruction ID: 7d2611b7374c3920856fb839a45b0c94d0523ba7118fba36aa9d526b80ddc8b3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 02adae34f141b8c54bdd98b7501d703c722505631c2a981cd8a002c201db5def
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AB31603261EE82A6E710DF12E5006A973B0FB887C4F842435EA4D83B49EF3DE615DB00
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_mem_ctrl$L_sk_newL_sk_pushL_sk_sortO_mallocP_get_nameP_get_typeP_zlib
                                                                                                                                                                                                                                • String ID: ..\s\ssl\ssl_ciph.c
                                                                                                                                                                                                                                • API String ID: 680475741-1847046956
                                                                                                                                                                                                                                • Opcode ID: 15a78374f493de6d1e0e83a03a872b9186b544d640128c05cf70f427dcdf1e1b
                                                                                                                                                                                                                                • Instruction ID: a8eecb5037bde47a672e00c68db5490cb82cb52fdccd2713af4b31b856a4eaac
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 15a78374f493de6d1e0e83a03a872b9186b544d640128c05cf70f427dcdf1e1b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 36112520E0FE83A5FA04AF65E8553B862B5EF897C4F407035E95D8B3E7DE6CE4008650
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • memset.VCRUNTIME140(..\s\ssl\statem\statem_clnt.c,?,?,00000000,?,?,?,00007FF8A933BB5E), ref: 00007FF8A933AC65
                                                                                                                                                                                                                                • OPENSSL_cleanse.LIBCRYPTO-1_1(?,?,00000000,?,?,?,00007FF8A933BB5E), ref: 00007FF8A933AE46
                                                                                                                                                                                                                                • OPENSSL_cleanse.LIBCRYPTO-1_1(?,?,00000000,?,?,?,00007FF8A933BB5E), ref: 00007FF8A933AE55
                                                                                                                                                                                                                                • CRYPTO_clear_free.LIBCRYPTO-1_1(?,?,00000000,?,?,?,00007FF8A933BB5E), ref: 00007FF8A933AE69
                                                                                                                                                                                                                                • CRYPTO_clear_free.LIBCRYPTO-1_1(?,?,00000000,?,?,?,00007FF8A933BB5E), ref: 00007FF8A933AE7D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: L_cleanseO_clear_free$memset
                                                                                                                                                                                                                                • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                • API String ID: 4057395051-1507966698
                                                                                                                                                                                                                                • Opcode ID: 931c0870414b731bb70572bcfe3b284e2c2f09d41bc11b512cc96aebba91fae1
                                                                                                                                                                                                                                • Instruction ID: 0c5d0e35e20f5cf35b44d0adb91ee66daed3de8811fb26c87c4dbb200fb3d0f8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 931c0870414b731bb70572bcfe3b284e2c2f09d41bc11b512cc96aebba91fae1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F561906270EA81A5FA609F12E840BAA7760FB88BC8F446035DE4DDB795DF7CD5458700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722885346.00007FF8A8A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A8A00000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8a00000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Mem_$Free$DataErr_FromKindMallocMemoryReallocUnicode_
                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                • API String ID: 857045822-4108050209
                                                                                                                                                                                                                                • Opcode ID: 1a47aedec9f05daa56cfb0ff537c540f67868b508df260ed41287c4b5fb163ae
                                                                                                                                                                                                                                • Instruction ID: 9c0fe9d879bd06b2b76213e46a7f48dbb913096c0fe009b89ad6dd9d3ceb025f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1a47aedec9f05daa56cfb0ff537c540f67868b508df260ed41287c4b5fb163ae
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 88121172A0F652A2E7248B14944A6B926B1FB857C4F244135EA8E47790FF3DF941C32A
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722885346.00007FF8A8A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A8A00000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8a00000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Mem_$Malloc$DeallocErr_FreeMemory
                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                • API String ID: 1635361834-4108050209
                                                                                                                                                                                                                                • Opcode ID: be2e3ae1962b5689be12c3a2b13f836e7886129ce40add6d4d3dc9dc83349451
                                                                                                                                                                                                                                • Instruction ID: 45c555acbabf7612892446756db36e2942f5fd3b8af0224a0f875015a3982c9d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: be2e3ae1962b5689be12c3a2b13f836e7886129ce40add6d4d3dc9dc83349451
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B9F1F072A0F652A6E7648B15D41A6BE33B4FB447C4F100531EA8E86690FF3DF941C72A
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: X_md$CipherD_sizeX_block_sizeX_ciphermemset
                                                                                                                                                                                                                                • String ID: ..\s\ssl\record\ssl3_record.c
                                                                                                                                                                                                                                • API String ID: 2928813329-2721125279
                                                                                                                                                                                                                                • Opcode ID: cc6391ea16ba08961653e77c545628519763c374c602f0d570cc0b84e1784acd
                                                                                                                                                                                                                                • Instruction ID: f3f1d88ecf8782fb4b7c11e6ef14c12cf75f3696c878a30add7d5433c4a04a89
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cc6391ea16ba08961653e77c545628519763c374c602f0d570cc0b84e1784acd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9B511B26B0EED162FA288E66D5506B967A0FB49BD8F046135DF0E87B95DF3CE061C700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: L_cleanse$O_freeO_memcmpO_memdupmemset
                                                                                                                                                                                                                                • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                                                • API String ID: 780863833-592572767
                                                                                                                                                                                                                                • Opcode ID: f34f8ad460171ccb75fa4ef03933ab231f42fe6f42b40a894bd514656ab7bc40
                                                                                                                                                                                                                                • Instruction ID: f5a3b008afb84c4b7ac55521be7c1163c45a762f2866f672ac85d707bc4de68a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f34f8ad460171ccb75fa4ef03933ab231f42fe6f42b40a894bd514656ab7bc40
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2CE17E31A0EAC2A6EB608F11E4443BA67B1EB947C4F146135EA8DC7AD9DF7CE545CB00
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: $ $..\s\ssl\t1_enc.c$key expansion
                                                                                                                                                                                                                                • API String ID: 0-2405982772
                                                                                                                                                                                                                                • Opcode ID: 83c8b71be77f7df1eec28a2096d3371710a9eb22271c69bf8a74428a5bc70789
                                                                                                                                                                                                                                • Instruction ID: a9769e4749e74d3781922f3740c140ee025ff5cf9fcddf7868e73640d11b0d1d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 83c8b71be77f7df1eec28a2096d3371710a9eb22271c69bf8a74428a5bc70789
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F1712932609BC1AAEAA4CF15E4803AD77A4F789B94F449136DA8C47B55CF78D1A9CB00
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetTempPathW.KERNEL32(?,00000000,?,00007FF7E71D672D), ref: 00007FF7E71D67FA
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D6970: GetEnvironmentVariableW.KERNEL32(00007FF7E71D36C7), ref: 00007FF7E71D69AA
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D6970: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7E71D69C7
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71E65E4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E71E65FD
                                                                                                                                                                                                                                • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF7E71D68B1
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D2770: MessageBoxW.USER32 ref: 00007FF7E71D2841
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                                                                                                • API String ID: 3752271684-1116378104
                                                                                                                                                                                                                                • Opcode ID: 4828d69836246918269f07bf884f0db2084dfee84ed506a5a3d02a588ff47569
                                                                                                                                                                                                                                • Instruction ID: 09ae2a45e22da233d4f2d3778be83b74bc8954915f471c0d8d42bd746dafbb5d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4828d69836246918269f07bf884f0db2084dfee84ed506a5a3d02a588ff47569
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8B513F11B1974341ED58BB21F9953BA92519FC5BC1FC85033EE2E8779ADD3CE4034A22
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_freeO_memdup
                                                                                                                                                                                                                                • String ID: ..\s\ssl\statem\extensions_cust.c
                                                                                                                                                                                                                                • API String ID: 3962629258-3973221358
                                                                                                                                                                                                                                • Opcode ID: affe7a8860928615d7d6bb568a7be11a3244f159c59a68a1cf976d3fc19fdad4
                                                                                                                                                                                                                                • Instruction ID: e056820b1a786fb225bd0a1cacc999564379563deb4ed00063a9d04fd142d027
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: affe7a8860928615d7d6bb568a7be11a3244f159c59a68a1cf976d3fc19fdad4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5D418C76A0EEA2A1EB11DF06E4406A963B4FB58BC8F456032DE8D87A54EF7CD581C700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: F_parse_listO_mallocR_put_error
                                                                                                                                                                                                                                • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                                • API String ID: 3458554092-1643863364
                                                                                                                                                                                                                                • Opcode ID: ac8b8fe909902e8189399d8e2bc8a2ca6a7220937294c0f31b619b802e21f1cb
                                                                                                                                                                                                                                • Instruction ID: acdf8f2e1da4fd377a6b01b3432d54f1a718ff8d4d04230a6a3109fc5c40b738
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ac8b8fe909902e8189399d8e2bc8a2ca6a7220937294c0f31b619b802e21f1cb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3331396661EAC2A9E6609F11A4407AA7365EB48BC4F446535EE8D87B89DF3CE104C710
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Fiber$ErrorLastSwitch$CreateValuememmove
                                                                                                                                                                                                                                • String ID: *$..\s\crypto\async\async.c
                                                                                                                                                                                                                                • API String ID: 3019965278-1471988776
                                                                                                                                                                                                                                • Opcode ID: 9a4675109f6970b122752d642c61ba6beee08fc618e2ced65f7d5429860a6a7c
                                                                                                                                                                                                                                • Instruction ID: 0ff142bbe49acf6ca264a8799c9067798c266497a648ec6e53e203922f2bc85f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9a4675109f6970b122752d642c61ba6beee08fc618e2ced65f7d5429860a6a7c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 81C14A76A0AB02A6EB21DF21E4006B973A0FF44BC4F444435DA4D47B95EF3CE595C768
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: ..\s\ssl\s3_enc.c
                                                                                                                                                                                                                                • API String ID: 0-1839494539
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_zallocR_put_error
                                                                                                                                                                                                                                • String ID: ..\s\ssl\packet.c$b
                                                                                                                                                                                                                                • API String ID: 2718799170-1717309047
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: N_bin2bnN_is_zeroN_ucmpO_freeO_strdup
                                                                                                                                                                                                                                • String ID: ..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                                                                • API String ID: 3996552382-348624464
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3140674995-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_freeX509_i2d_$memcmp
                                                                                                                                                                                                                                • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                                                                • API String ID: 1487052844-349359282
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_retrieve$D_unlockD_write_lockH_deleteH_insert
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2043303102-0
                                                                                                                                                                                                                                • Opcode ID: 0b2c61c28c32f61e8aeebe8b85e0ea8e9d4c7705f77b15f08853708f750b9553
                                                                                                                                                                                                                                • Instruction ID: 1d249bce8554fe068c287c9f14be2d90922daeaa843133bc9ec294f8658b8d30
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b2c61c28c32f61e8aeebe8b85e0ea8e9d4c7705f77b15f08853708f750b9553
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4951733260EBC296EB589F219A517B97361EF58BC4F04A031DE1D8BB99DF3CE4508740
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1239891234-0
                                                                                                                                                                                                                                • Opcode ID: e7141d2691e6fffc336151182819a094942dc067ac16da689744b042d81b35af
                                                                                                                                                                                                                                • Instruction ID: 689917fe3688b6449a1ec3cd6be401314186454e50c72f5225b140fe20e322a4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e7141d2691e6fffc336151182819a094942dc067ac16da689744b042d81b35af
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EF316D32618F8186DB20DB25E8803AAB3A4FBC9754F940136EBAD43B54DF3CD5568B11
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_free$Y_freeY_get1_tls_encodedpoint
                                                                                                                                                                                                                                • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                                                • API String ID: 4042585043-592572767
                                                                                                                                                                                                                                • Opcode ID: 689b321e0f310887bf42d705e61584490e506d5b71d6ceb3fa676dc88cfce93c
                                                                                                                                                                                                                                • Instruction ID: f9b087e26918928b11bde39aa3d80099d0ed14e0d6ffaf2008a04c3d1afe8392
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 689b321e0f310887bf42d705e61584490e506d5b71d6ceb3fa676dc88cfce93c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8B719E21B1EA81A6F7649F16A4403BA66B0FB96BC0F045135EE5D87B99DF3CE5118B00
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_free$O_memdup
                                                                                                                                                                                                                                • String ID: ..\s\ssl\statem\extensions_srvr.c$c:\a\6\s\ssl\packet_local.h
                                                                                                                                                                                                                                • API String ID: 3545228654-2319032043
                                                                                                                                                                                                                                • Opcode ID: a9db89fc3a4393c4603ba4af77c309c2cf3142640939f4ded94034632d9d3d29
                                                                                                                                                                                                                                • Instruction ID: e2757958a0fca2a746b4eaead8dc41a171262c2c998803a97ca8e293624bf0d7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a9db89fc3a4393c4603ba4af77c309c2cf3142640939f4ded94034632d9d3d29
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD517072A1DBC196EA558F15F4402AAB3A0FB84BC4F44A234EAAD57A95DF3CE190C700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_reallocR_put_error
                                                                                                                                                                                                                                • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                • API String ID: 1389097454-1080266419
                                                                                                                                                                                                                                • Opcode ID: 57784ae341cabc3fb45b00ae7efcdcb254fa0e79a603c43839275451e7cbd8f2
                                                                                                                                                                                                                                • Instruction ID: 778158804c083fb0d9d84a37c78c574644cb8c1a3ab894579ffbc356dc0986df
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 57784ae341cabc3fb45b00ae7efcdcb254fa0e79a603c43839275451e7cbd8f2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6A31D27260EB81A6EB11DF25E8006A977A0FB487C8F545031EE8D877A5EF3CD552D700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_free$O_strndup
                                                                                                                                                                                                                                • String ID: ..\s\ssl\statem\statem_clnt.c$c:\a\6\s\ssl\packet_local.h
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723706386.00007FF8A92F0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723733276.00007FF8A9362000.00000020.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723807412.00007FF8A9364000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723835100.00007FF8A9387000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A938C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A9392000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A9399000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_free$O_mallocR_put_error
                                                                                                                                                                                                                                • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: L_sk_pop_freeO_freeX509_freeY_free
                                                                                                                                                                                                                                • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4721984887.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722042007.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E7210000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722071537.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722145998.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CRYPTO_zalloc.LIBCRYPTO-1_1(?,?,?,00000000,00000000,00007FF8A930F67D), ref: 00007FF8A930FB91
                                                                                                                                                                                                                                • ERR_put_error.LIBCRYPTO-1_1(?,?,?,00000000,00000000,00007FF8A930F67D), ref: 00007FF8A930FBB9
                                                                                                                                                                                                                                • CRYPTO_free.LIBCRYPTO-1_1(?,?,?,00000000,00000000,00007FF8A930F67D), ref: 00007FF8A930FCC8
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_freeO_zallocR_put_error
                                                                                                                                                                                                                                • String ID: ..\s\ssl\ssl_ciph.c
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_freeO_memdup
                                                                                                                                                                                                                                • String ID: ..\s\ssl\statem\statem_srvr.c$c:\a\6\s\ssl\packet_local.h
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_freeO_mallocR_put_error
                                                                                                                                                                                                                                • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                • API String ID: 2160744234-1080266419
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_free$O_newO_s_fileO_strdupR_clear_errorR_put_errorX509_free
                                                                                                                                                                                                                                • String ID: ..\s\ssl\ssl_conf.c$gfffffff
                                                                                                                                                                                                                                • API String ID: 3738848979-4123734156
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_zallocR_put_error
                                                                                                                                                                                                                                • String ID: ..\s\ssl\packet.c$b
                                                                                                                                                                                                                                • API String ID: 2718799170-1717309047
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memmove$memset
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3790616698-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722585633.00007FF8A836E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722742186.00007FF8A8395000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722762091.00007FF8A839B000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722788037.00007FF8A839D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722788037.00007FF8A83B9000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722788037.00007FF8A83BD000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memmovememset
                                                                                                                                                                                                                                • String ID: ..\s\crypto\rsa\rsa_oaep.c$W
                                                                                                                                                                                                                                • API String ID: 1288253900-622388702
                                                                                                                                                                                                                                • Opcode ID: 2f37320f5229224b650b91542c54f3efc5ba7ea10b03566c097ec46cb342a241
                                                                                                                                                                                                                                • Instruction ID: 47526e33ae4712e9301e2736814c1666259bb332e368e8472cc4ac0518d0c2d7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2f37320f5229224b650b91542c54f3efc5ba7ea10b03566c097ec46cb342a241
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BAC1F162A5AAC295EB14CF28E4006BAB7A0FB85BC4F505236EF8D53B49EF3CD145C714
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_freeO_mallocmemcpy
                                                                                                                                                                                                                                • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                                                • API String ID: 2350084802-592572767
                                                                                                                                                                                                                                • Opcode ID: 45b4ba2e1662a190e2bc1949bd40f922b4dc0c8d39e7c335c220f934004521d8
                                                                                                                                                                                                                                • Instruction ID: f17d60030143370c389bdcf08a52038a1bbd80f589c0ca96e4787dd1e57fc74b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 45b4ba2e1662a190e2bc1949bd40f922b4dc0c8d39e7c335c220f934004521d8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3C31B061A1EEC191F7608F12E8007AA63A5EF94BC4F185035EE4D9BB99DE7CE5528B00
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_zalloc$R_put_error$O_freeO_malloc
                                                                                                                                                                                                                                • String ID: ..\s\ssl\d1_lib.c
                                                                                                                                                                                                                                • API String ID: 566506930-490761327
                                                                                                                                                                                                                                • Opcode ID: 9ca5090f9d716170096f0ce73f5949a22c45de7a6bc220b66189022f8c3d996a
                                                                                                                                                                                                                                • Instruction ID: d91392226d68de6d4b798e53d8b12cb2cfc7dace0aa64254e3925b077c6911ca
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9ca5090f9d716170096f0ce73f5949a22c45de7a6bc220b66189022f8c3d996a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 27213021B0E6C6A1FE489F65E5953B96290EF49BC4F441038DAAD8778EDF6DE4708700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_clear_free
                                                                                                                                                                                                                                • String ID: ..\s\ssl\statem\statem_clnt.c$4
                                                                                                                                                                                                                                • API String ID: 2011826501-211860627
                                                                                                                                                                                                                                • Opcode ID: 58b52a5321839af1a7ab7c6cb3a8c50541dfb00ada8d97ad2764f8d7fddd49de
                                                                                                                                                                                                                                • Instruction ID: c7ed1973cb9ef104e3fceea06d82595a869099bd6ff190cfe973868c63a7b4c1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 58b52a5321839af1a7ab7c6cb3a8c50541dfb00ada8d97ad2764f8d7fddd49de
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 57218822B0EB82A5F7609E12E5803BA77A5EB45FD4F084039DE8D8779ADF6CE1418700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLastbind
                                                                                                                                                                                                                                • String ID: ..\s\crypto\bio\b_sock2.c
                                                                                                                                                                                                                                • API String ID: 2328862993-3200932406
                                                                                                                                                                                                                                • Opcode ID: 35390e90907e062d5cd2ce9504e4d1041d64cbb7bd1b5a00adced805f3e8df7a
                                                                                                                                                                                                                                • Instruction ID: ce9bd7c0ef8ca4d15768180e97149315cbb6512610a9b0a1e51fb0a9e005a1a5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 35390e90907e062d5cd2ce9504e4d1041d64cbb7bd1b5a00adced805f3e8df7a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5021D131B1A64296EB10CB25E8042AD77A0FB81BC4F000131EA4D43BD9EF7CE592CB18
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723706386.00007FF8A92F0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723733276.00007FF8A9362000.00000020.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723807412.00007FF8A9364000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723835100.00007FF8A9387000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A938C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A9392000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A9399000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_mallocP_expand_block
                                                                                                                                                                                                                                • String ID: ..\s\ssl\record\ssl3_record.c
                                                                                                                                                                                                                                • API String ID: 3543690440-2721125279
                                                                                                                                                                                                                                • Opcode ID: ba959f7fdcc2f356148cfce927090e3c0448d500e6ffe04f2bc148faf0d17774
                                                                                                                                                                                                                                • Instruction ID: 50675401fee432cd76a69ee802871e017ac15484b03edae188f9a20ae8b30c5d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ba959f7fdcc2f356148cfce927090e3c0448d500e6ffe04f2bc148faf0d17774
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EC0152A6B1EB9296EB508F25F44026962A4FB4CBC8F145035DF5CCB78EEF2DD5608704
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723706386.00007FF8A92F0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723733276.00007FF8A9362000.00000020.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723807412.00007FF8A9364000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723835100.00007FF8A9387000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A938C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A9392000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A9399000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_freeO_strdup
                                                                                                                                                                                                                                • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                                                • API String ID: 2148955802-2868363209
                                                                                                                                                                                                                                • Opcode ID: f8f25a26be1ccc350fabe71cb1167f66a4b4f3b5637e67c04e42aafb41beb779
                                                                                                                                                                                                                                • Instruction ID: 127afac3759e04e561d25addd190899cd1eacd662c0ec7923abfc01857a31908
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f8f25a26be1ccc350fabe71cb1167f66a4b4f3b5637e67c04e42aafb41beb779
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 71F0F962B0DE8161EB44CF16E5843A82261EF48BD4F08A031DD5C87B59EE2CD6914700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723706386.00007FF8A92F0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723733276.00007FF8A9362000.00000020.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723807412.00007FF8A9364000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723835100.00007FF8A9387000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A938C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A9392000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A9399000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_mallocR_put_error
                                                                                                                                                                                                                                • String ID: ..\s\ssl\pqueue.c
                                                                                                                                                                                                                                • API String ID: 2513334388-354262084
                                                                                                                                                                                                                                • Opcode ID: e31f72ea1b36cf0ac14925aa0d799ea5a93a8d865535a0a2e7d1d0eae8c28d26
                                                                                                                                                                                                                                • Instruction ID: 77cf1e77f0680b2f1c32a7b248d44f8274725fff6d6961a6bb352961ef554621
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e31f72ea1b36cf0ac14925aa0d799ea5a93a8d865535a0a2e7d1d0eae8c28d26
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 87014F7660EA8296EB408F15E4557A97370EB487C8F545035DB5C83759EF3CD558CB00
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723706386.00007FF8A92F0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723733276.00007FF8A9362000.00000020.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723807412.00007FF8A9364000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723835100.00007FF8A9387000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A938C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A9392000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A9399000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: D_unlockD_write_lockH_set_down_load
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3243170206-0
                                                                                                                                                                                                                                • Opcode ID: f606dac38b3917855ba4827b18e1b540f37aef6f658be1799653543066500e3b
                                                                                                                                                                                                                                • Instruction ID: 648e4037d765dc3f70fd189f2a98c0c3f2c19ef6bc319754d77d0399ca2b60de
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f606dac38b3917855ba4827b18e1b540f37aef6f658be1799653543066500e3b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E3014C26A0EEC2A6DB15EF52E8410A86370FB8C794F046131FA4DC7B56DE7CE5218700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723706386.00007FF8A92F0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723733276.00007FF8A9362000.00000020.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723807412.00007FF8A9364000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723835100.00007FF8A9387000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A938C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A9392000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4723863739.00007FF8A9399000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_malloc
                                                                                                                                                                                                                                • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                • API String ID: 1457121658-1507966698
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_free
                                                                                                                                                                                                                                • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                                                • API String ID: 2581946324-592572767
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_free
                                                                                                                                                                                                                                • String ID: ..\s\ssl\packet.c
                                                                                                                                                                                                                                • API String ID: 2581946324-1434567093
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_free
                                                                                                                                                                                                                                • String ID: ..\s\ssl\packet.c
                                                                                                                                                                                                                                • API String ID: 2581946324-1434567093
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_get_ex_new_index
                                                                                                                                                                                                                                • String ID: SSL for verify callback
                                                                                                                                                                                                                                • API String ID: 3987194240-2900698531
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_memcmp
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2788248766-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: D_run_once
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1403826838-0
                                                                                                                                                                                                                                • Opcode ID: f4b6871b7433c0faec20ec73b7d0caaeb04d9942fddb85c65eb6b7234c581e2f
                                                                                                                                                                                                                                • Instruction ID: 1b2efaa6be2b81c0b4aa4951617460af5bd701d67e4fb621c53b2810af601b4e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f4b6871b7433c0faec20ec73b7d0caaeb04d9942fddb85c65eb6b7234c581e2f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 72E08625F0F8C7A6FA449F28D85127532B0EF40390F40A139E01DC21E9DE5CB8048700
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 91be93352dc54059d33bb3b406534d6871a2dd302eaa749a2147357a45e61270
                                                                                                                                                                                                                                • Instruction ID: 89d04d8f6a411725a247221cd42a998276fb5759e50b812b1aaea71e8b1a24fc
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 91be93352dc54059d33bb3b406534d6871a2dd302eaa749a2147357a45e61270
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0FF0BE323282A105CB96CE36A408FA92DD19B91BC8F62C034E90CC3F44FA2ED602CF40
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 7484b961f24d436ea4a663d67c740c7ec9c146fb940ac0e1b2f2e6048ab68ed0
                                                                                                                                                                                                                                • Instruction ID: 98ec782c8745c62080367ab3984405f73a2a5ce9ea827df6d8cd2586bf496b0e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7484b961f24d436ea4a663d67c740c7ec9c146fb940ac0e1b2f2e6048ab68ed0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2BE01A727193A445D797CE366508E696A95AB15BC5F83C034D90DC3E45FA2E9602CF40
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • Opcode ID: bdbc3210aa16de0059b573af646bfd538959d584be44528a6ba273ed2b96be26
                                                                                                                                                                                                                                • Instruction ID: 84d25ab10be63f7d7b01210c3ea040ef6e207cfdfcec3ced57390aa2cf5224ba
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bdbc3210aa16de0059b573af646bfd538959d584be44528a6ba273ed2b96be26
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8CA002F4B25555396E650261238137406435A483C6CE294B49479115445B1CA150D164
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
• Associated: 00000002.00000002.4721984887.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722042007.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722071537.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722071537.00007FF7E7210000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722071537.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722145998.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressProc
                                                                                                                                                                                                                                • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for 
Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                                                                                                                                                                                                • API String ID: 190572456-3109299426
                                                                                                                                                                                                                                • Opcode ID: 6e6539b2492bcb566142f8ce84d8e1d9cc234e654b2aa916a41ae674904a9854
                                                                                                                                                                                                                                • Instruction ID: df834e17569ee106f6798792afafe4d72a3a9553cfdd4f5c3a2d3814bb851c56
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6e6539b2492bcb566142f8ce84d8e1d9cc234e654b2aa916a41ae674904a9854
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C142E975A0AF0391EA19FB24F890374A3B5AF85785BD45033CA2E06264EF7CF517C626
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
• Associated: 00000002.00000002.4721984887.00007FF7E71D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722042007.00007FF7E71FA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722071537.00007FF7E720D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722071537.00007FF7E7210000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722071537.00007FF7E721C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.4722145998.00007FF7E721E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk 
libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                • API String ID: 2238633743-1453502826
                                                                                                                                                                                                                                • Opcode ID: a7ac00ce1a7fdfc215a9c78db55a5cef2ac37261bb2bde1204b0c918028e9db3
                                                                                                                                                                                                                                • Instruction ID: a6a6f7c2f1052388bc12e8ac0ec233fdad21ad056fb5a60da5f625dbbcc32115
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a7ac00ce1a7fdfc215a9c78db55a5cef2ac37261bb2bde1204b0c918028e9db3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 16E1BB64A09B0390EA19FF14F890374E3B5BF85781BD85037D62D06258EF7CA566E732
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
• Associated: 00000002.00000002.4723706386.00007FF8A92F0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723733276.00007FF8A9362000.00000020.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723807412.00007FF8A9364000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723835100.00007FF8A9387000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723863739.00007FF8A938C000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723863739.00007FF8A9392000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4723863739.00007FF8A9399000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy$D_sizeL_cleanseX_new$X_reset
                                                                                                                                                                                                                                • String ID: ..\s\ssl\tls13_enc.c$CLIENT_EARLY_TRAFFIC_SECRET$CLIENT_HANDSHAKE_TRAFFIC_SECRET$CLIENT_TRAFFIC_SECRET_0$EARLY_EXPORTER_SECRET$EXPORTER_SECRET$SERVER_HANDSHAKE_TRAFFIC_SECRET$SERVER_TRAFFIC_SECRET_0$c ap traffic$c e traffic$c hs traffic$e exp master$exp master$finished$res master$s ap traffic$s hs traffic
                                                                                                                                                                                                                                • API String ID: 2058625460-2823458745
                                                                                                                                                                                                                                • Opcode ID: db609c6c8deeb89e8909843a7604ed277eb9418176f103e5ccd6e9f9fd9f1469
                                                                                                                                                                                                                                • Instruction ID: 2af38a2eae7bcd826dd199aa892ca41fc6c3338b6512f48c4d7220a352214078
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: db609c6c8deeb89e8909843a7604ed277eb9418176f103e5ccd6e9f9fd9f1469
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 41220931A0EFC2A9EA149F11E9402A973B4FB487C8F942135DA4E97B99DF3CE555C700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A811D000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: strcmp
                                                                                                                                                                                                                                • String ID: ANY PRIVATE KEY$CERTIFICATE$CERTIFICATE REQUEST$CMS$DH PARAMETERS$ENCRYPTED PRIVATE KEY$NEW CERTIFICATE REQUEST$PARAMETERS$PKCS #7 SIGNED DATA$PKCS7$PRIVATE KEY$TRUSTED CERTIFICATE$X509 CERTIFICATE$X9.42 DH PARAMETERS
                                                                                                                                                                                                                                • API String ID: 1004003707-1119032718
                                                                                                                                                                                                                                • Opcode ID: e96e50dfe5be6d1c7c9960577af54c11fa2c3ded3e85e935ba270c856fe7af02
                                                                                                                                                                                                                                • Instruction ID: 4c44a715ec2223e6893e66a4a08c06ac7685c3a96035a378660a145b681acb81
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e96e50dfe5be6d1c7c9960577af54c11fa2c3ded3e85e935ba270c856fe7af02
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8191DE14E0FB03B5FEA1AB2995602F82391EF15BD0F881134D98E462D9EF1CF942867D
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • EVP_MD_CTX_new.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8A9305591), ref: 00007FF8A9304C59
                                                                                                                                                                                                                                • EVP_MD_CTX_new.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8A9305591), ref: 00007FF8A9304C61
                                                                                                                                                                                                                                • EVP_sha1.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8A9305591), ref: 00007FF8A9304CBE
                                                                                                                                                                                                                                • EVP_DigestInit_ex.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8A9305591), ref: 00007FF8A9304CCC
                                                                                                                                                                                                                                • EVP_DigestUpdate.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8A9305591), ref: 00007FF8A9304CE4
                                                                                                                                                                                                                                • EVP_DigestUpdate.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8A9305591), ref: 00007FF8A9304D03
                                                                                                                                                                                                                                • EVP_DigestUpdate.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8A9305591), ref: 00007FF8A9304D27
                                                                                                                                                                                                                                • EVP_DigestUpdate.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8A9305591), ref: 00007FF8A9304D4B
                                                                                                                                                                                                                                • EVP_DigestFinal_ex.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8A9305591), ref: 00007FF8A9304D63
                                                                                                                                                                                                                                • EVP_md5.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8A9305591), ref: 00007FF8A9304D70
                                                                                                                                                                                                                                • EVP_DigestInit_ex.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8A9305591), ref: 00007FF8A9304D7E
                                                                                                                                                                                                                                • EVP_DigestUpdate.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8A9305591), ref: 00007FF8A9304D9D
                                                                                                                                                                                                                                • EVP_DigestUpdate.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8A9305591), ref: 00007FF8A9304DB8
                                                                                                                                                                                                                                • EVP_DigestFinal_ex.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8A9305591), ref: 00007FF8A9304DD8
                                                                                                                                                                                                                                • memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,00000000,00007FF8A9305591), ref: 00007FF8A9304DEF
                                                                                                                                                                                                                                • EVP_DigestFinal_ex.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8A9305591), ref: 00007FF8A9304DF9
                                                                                                                                                                                                                                • OPENSSL_cleanse.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8A9305591), ref: 00007FF8A9304E61
                                                                                                                                                                                                                                • EVP_MD_CTX_free.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8A9305591), ref: 00007FF8A9304EA0
                                                                                                                                                                                                                                • EVP_MD_CTX_free.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FF8A9305591), ref: 00007FF8A9304EA8
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Digest$Update$Final_ex$Init_exX_freeX_new$L_cleanseP_md5P_sha1memcpy
                                                                                                                                                                                                                                • String ID: "$..\s\ssl\s3_enc.c
                                                                                                                                                                                                                                • API String ID: 3423753248-2057130634
                                                                                                                                                                                                                                • Opcode ID: e48550a0552d9e743465992cf9c39823a33f7a444df1cab1816d86f67504a963
                                                                                                                                                                                                                                • Instruction ID: 9b2eece45dd7db23f2fb28029a1790b31b41b54e4802100f5db48b9a021cad3b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e48550a0552d9e743465992cf9c39823a33f7a444df1cab1816d86f67504a963
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2561D462B0EAC279F6609E5AD444BBA7A60EF457C8F447035EE4D87B86EE3CD641C700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: X_ctrl$X_free$D_sizeR_put_errorX_new_idY_derive_init
                                                                                                                                                                                                                                • String ID: ..\s\ssl\tls13_enc.c$U$W$tls13
                                                                                                                                                                                                                                • API String ID: 2176224248-2595563013
                                                                                                                                                                                                                                • Opcode ID: 2434f9489be11f169cd6148f5c9ca29509038478076bcee765c6d8193f5a2183
                                                                                                                                                                                                                                • Instruction ID: eba1b0cb2733ac2370e53fdd63a1c618282998717e8ccb78246d6b25d8ba1b52
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2434f9489be11f169cd6148f5c9ca29509038478076bcee765c6d8193f5a2183
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F7918321B0DAC2A9F720AE12E4507BA66B0FB887C4F442135EE4DD7A99EF3CD545DB40
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: strspn$strncmp
                                                                                                                                                                                                                                • String ID: $ $ ,$..\s\crypto\pem\pem_lib.c$DEK-Info:$ENCRYPTED$Proc-Type:
                                                                                                                                                                                                                                • API String ID: 1384302209-3505811795
                                                                                                                                                                                                                                • Opcode ID: 4852fe50dedbc2f0f83d44310ad3be750c25d0effceb91a6329b7263fadab02d
                                                                                                                                                                                                                                • Instruction ID: 3719ff62807499fcec03bd82dddbe642fffe0e1f030ec0ab8b30de411b8d9102
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4852fe50dedbc2f0f83d44310ad3be750c25d0effceb91a6329b7263fadab02d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CD91AE61E0AA53B6FB308F21A4542B93390FF40BC4F444035DA9E87699EF3CE645CB68
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722885346.00007FF8A8A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A8A00000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8a00000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Unicode_$Arg_Equal$ArgumentReady$CheckMallocMem_Positional
                                                                                                                                                                                                                                • String ID: argument 1$argument 2$invalid normalization form$normalize$str
                                                                                                                                                                                                                                • API String ID: 2997860075-4140678229
                                                                                                                                                                                                                                • Opcode ID: 24c4984fe0b4f8d2c8c25afce668d7ebafc2bfb977d8f9d20f810dc28fbae449
                                                                                                                                                                                                                                • Instruction ID: b9ecfbb61da92ddfe62ebb7bf1d9d59244544cf7cd0577795efab1659ba854e0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 24c4984fe0b4f8d2c8c25afce668d7ebafc2bfb977d8f9d20f810dc28fbae449
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E881D221E0F682A1FB648B1594563B923B1EF4ABC8F444131DD8E87696FF2CF505C32A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Event$FileSource$ByteCharDeregisterHandleMultiRegisterReportTypeWideWrite__stdio_common_vsprintf__stdio_common_vswprintf
                                                                                                                                                                                                                                • String ID: $OpenSSL$OpenSSL: FATAL$no stack?
                                                                                                                                                                                                                                • API String ID: 2603057392-2963566556
                                                                                                                                                                                                                                • Opcode ID: 1f8a55c33d7af28058f0a3a27164936eac3bf161be498d70c40781ba5aba5352
                                                                                                                                                                                                                                • Instruction ID: 6f1d2320747e4e0b9738fabbf151a84759b8fa40dacf452110318b861b87944d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1f8a55c33d7af28058f0a3a27164936eac3bf161be498d70c40781ba5aba5352
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0B91F172A09B82A5EB218F24E8451A87BA0FF45BD4F444731EA5E07795EF3CE255C318
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: strncmp$R_put_error
                                                                                                                                                                                                                                • String ID: ..\s\ssl\ssl_ciph.c$ECDHE-ECDSA-AES128-GCM-SHA256$ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384$ECDHE-ECDSA-AES256-GCM-SHA384$SUITEB128$SUITEB128C2$SUITEB128ONLY$SUITEB192
                                                                                                                                                                                                                                • API String ID: 2707563706-2661540032
                                                                                                                                                                                                                                • Opcode ID: 9c6915c2b9a68f9921c7eb4645cef8d51079716c1d06bde45b1936850fad297e
                                                                                                                                                                                                                                • Instruction ID: 5602b0e537dfc259f9a5945da1b414aa73340d820cf7ffb6b7ae0ea934b60f7c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9c6915c2b9a68f9921c7eb4645cef8d51079716c1d06bde45b1936850fad297e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 32414532A0EF86A6EB248F51D45037A72F0FB44BC4F005039DA1E87A94DF2CE651CB00
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: strcmp$strncmp
                                                                                                                                                                                                                                • String ID: ..\s\crypto\asn1\asn_mime.c$application/pkcs7-mime$application/pkcs7-signature$application/x-pkcs7-mime$application/x-pkcs7-signature$boundary$content-type$multipart/signed$type:
                                                                                                                                                                                                                                • API String ID: 1244041713-3630080479
                                                                                                                                                                                                                                • Opcode ID: 707a128591142f49d0ee7328b1502ea5e99e31137fd224bf2b173adea33cbd71
                                                                                                                                                                                                                                • Instruction ID: c1cf190066245bce488c8f98b5bab7824f87d7a821f2a78ed832a738d5e6f8f6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 707a128591142f49d0ee7328b1502ea5e99e31137fd224bf2b173adea33cbd71
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FCC1CFA0A0E782B1FE61EB1194416B96391EF84BC0F444031EE8D4B7CAEF3CE595C728
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: ..\s\crypto\rand\randfile.c$Filename=$i
                                                                                                                                                                                                                                • API String ID: 0-1799673945
                                                                                                                                                                                                                                • Opcode ID: 5990bdfd0c60ba8543ce2c2e7e7f5959430ed3ec35f8974e6185769095e8bfbe
                                                                                                                                                                                                                                • Instruction ID: 60ae215ea5f42e95c0db066e0619a62f9a940ba8eaec940f3c2e7ab0cbe0dcd4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5990bdfd0c60ba8543ce2c2e7e7f5959430ed3ec35f8974e6185769095e8bfbe
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4F51A371A0EA42A6FA20DB15D8446BA3391FF80BC0F444135D90E876E9EF3CE506CB38
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                                • API String ID: 0-666925554
                                                                                                                                                                                                                                • Opcode ID: 74dc82bfdd566ab400160a5a18652023752b6dfb3ff5df5dbc85c3bd8cb8fac5
                                                                                                                                                                                                                                • Instruction ID: cdaeefedfa9b761a2e21f8ca31252b219a467ab49f8fce6b2e44a0d0dd270d34
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 74dc82bfdd566ab400160a5a18652023752b6dfb3ff5df5dbc85c3bd8cb8fac5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E851BC21A0874281EA14FB15F4847B9A360AF82BDAF854133DF3D07695EF7CE1479B22
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                                                                                                                                • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                                                                                • API String ID: 4998090-2855260032
                                                                                                                                                                                                                                • Opcode ID: 3a311ca896c23303b083235c6b21b739ade8233c859481b729e43c8a7aab684c
                                                                                                                                                                                                                                • Instruction ID: b5d095b00c771bbee19d2cdf917c9846ece1ec2a9ab33eb35bf610effbae209a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3a311ca896c23303b083235c6b21b739ade8233c859481b729e43c8a7aab684c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F641303161878282EB50EF20F4847AAB361FFC5755F844232EB6E46695DF3CE44ACB11
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722885346.00007FF8A8A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A8A00000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8a00000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Module_$Object$Capsule_ConstantCreate2Object_String
                                                                                                                                                                                                                                • String ID: 12.1.0$UCD$ucd_3_2_0$ucnhash_CAPI$unicodedata.ucnhash_CAPI$unidata_version
                                                                                                                                                                                                                                • API String ID: 3760240918-3763105981
                                                                                                                                                                                                                                • Opcode ID: 61620058af58bf177e15d3f380688a7fe387386ac2f0fda64fc1cbd15126a5f6
                                                                                                                                                                                                                                • Instruction ID: e96289dc28e2c2b44e790f347cd9f982d92f6aa9dbf60c279a207642c3be170c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 61620058af58bf177e15d3f380688a7fe387386ac2f0fda64fc1cbd15126a5f6
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7B11B374A0BB07B1EE159B55E8561B52370EF09BCAF446032D90E17361FF2CB54AC3AA
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722885346.00007FF8A8A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A8A00000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8a00000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_fastfail__scrt_release_startup_lock$__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1751999630-0
                                                                                                                                                                                                                                • Opcode ID: fed84a600c416b2b7a110d36d11904195530507fca46777a172af4e5b36ff657
                                                                                                                                                                                                                                • Instruction ID: 4ffaa58dbe6e145748bff41bafc814c25eee9a59bf6b228e6cbd9e895d363d8d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fed84a600c416b2b7a110d36d11904195530507fca46777a172af4e5b36ff657
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3F81CF20E0F743A6FA569B66984327962B0EF897C4F544035DA0E43396FF3CF945872A
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: R_put_error$L_sk_freeL_sk_new_nullstrchrstrncmp
                                                                                                                                                                                                                                • String ID: ..\s\ssl\d1_srtp.c$H
                                                                                                                                                                                                                                • API String ID: 767303460-1001428523
                                                                                                                                                                                                                                • Opcode ID: 7a9524f77792694c28cd335e826729c382c3fbe05dab90ab04144662d4f536d4
                                                                                                                                                                                                                                • Instruction ID: 027920bd01480579f4ff9a8271e6183c29cfcacfee5f0ba3b8e3cc7334cb8d64
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7a9524f77792694c28cd335e826729c382c3fbe05dab90ab04144662d4f536d4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6441E021B1FAC2E6FA119F26A80037A62E5EF48BD4F544435D91DC778DDEBEE5128700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Digest$SignY_new_raw_private_key$FinalInitL_cleanseUpdateX_freeX_newY_free
                                                                                                                                                                                                                                • String ID: ..\s\ssl\tls13_enc.c$finished
                                                                                                                                                                                                                                • API String ID: 2202177965-3224497825
                                                                                                                                                                                                                                • Opcode ID: cd956a7dbb3421d460fa6aaf2083d69fe2c8da3115ffe5855734321a87095e11
                                                                                                                                                                                                                                • Instruction ID: a1131a360eec7bfd9b17c6679d0ca84767364a012ec2db892f17fd6dcfa47588
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cd956a7dbb3421d460fa6aaf2083d69fe2c8da3115ffe5855734321a87095e11
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DE51412260EAC2A9E664DF52A5412EAA3B0FB897C4F446032EE4DC7B5ADF7CD5119700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_ctrlO_free_allO_int_ctrlO_method_typeO_newO_popO_pushO_s_socketO_up_refR_put_error
                                                                                                                                                                                                                                • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                • API String ID: 2857342199-1080266419
                                                                                                                                                                                                                                • Opcode ID: 9ded2fa25bdbb6a7b5398f2a78bbec5db11178893a865624105f9c314b2a1acc
                                                                                                                                                                                                                                • Instruction ID: d583e612f5f5ad08e5063095ee1d98e80f6ed4811c6f110d85f15f7f3ee9cac5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9ded2fa25bdbb6a7b5398f2a78bbec5db11178893a865624105f9c314b2a1acc
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5A21B422A0EE8155EB14EF25E55177D63B0EF48BC8F102531DA4CC7B9ADE2CE8518781
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: atoi$strcmp
                                                                                                                                                                                                                                • String ID: ..\s\crypto\ts\ts_conf.c$accuracy$microsecs$millisecs$p$secs$'#
                                                                                                                                                                                                                                • API String ID: 4175852868-1340856472
                                                                                                                                                                                                                                • Opcode ID: d45c266a281aaa2b712da77a134e97040c46b01aa9aa2af58a86bfe472d47813
                                                                                                                                                                                                                                • Instruction ID: 7bd00b100db509de59d894b0f6bebf4fc5562a45f53b59a1dabdba194f2b7549
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d45c266a281aaa2b712da77a134e97040c46b01aa9aa2af58a86bfe472d47813
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9551CC61A0BA47BAEA14AF22A5402B873E1FF44BC4F441035EE4E43799EF3CE455C728
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                • String ID: P%
                                                                                                                                                                                                                                • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                • Opcode ID: f5a3bd79b12c7c571d23b6b5ebdfb181c7e65479c9c05912b09222cce72f5b00
                                                                                                                                                                                                                                • Instruction ID: 6d9390407a4113db7ae316737b7813eef607f3b35c3ebf1f5d29cdc32ef4c1df
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f5a3bd79b12c7c571d23b6b5ebdfb181c7e65479c9c05912b09222cce72f5b00
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7D5108266047A186D628AF26F4582BAF7A1FB98B61F044122EBDF43684DF3CD046DB10
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_puts$O_printf
                                                                                                                                                                                                                                • String ID: Master-Key:$%02X$RSA $Session-ID:
                                                                                                                                                                                                                                • API String ID: 4098839300-1878088908
                                                                                                                                                                                                                                • Opcode ID: 587772a8e1746c0a663de917f53692193e5ee764bc46ea7ed2a5362907c8c510
                                                                                                                                                                                                                                • Instruction ID: 1eab0da1f31cf00898a5c5ca270213ca3df1f0c8559268d2d5bad9470020a7a7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 587772a8e1746c0a663de917f53692193e5ee764bc46ea7ed2a5362907c8c510
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 31314F25A0EED6A9EB54AF16D5403B867B0FF687C8F587032DE0DC6295DF6DE4A08300
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: strchr
                                                                                                                                                                                                                                • String ID: ..\s\crypto\ocsp\ocsp_lib.c$/$/$443$[$http$https
                                                                                                                                                                                                                                • API String ID: 2830005266-535551730
                                                                                                                                                                                                                                • Opcode ID: 87896204be33adb92dece841a78ab3dca4226c3fbd3d15aeb8ba59b4d003f6b5
                                                                                                                                                                                                                                • Instruction ID: 71ac3eb1131ca0f9d92084de03b8db509ad94e03216e82647247ef4498480b1a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 87896204be33adb92dece841a78ab3dca4226c3fbd3d15aeb8ba59b4d003f6b5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 16618B22A0FB52A4FB11EB15E4106B927A4FF45BD0F484035DA9D0738AEF3CE195C329
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: ..\s\ssl\statem\extensions_srvr.c
                                                                                                                                                                                                                                • API String ID: 0-1853348325
                                                                                                                                                                                                                                • Opcode ID: 47c9c872dffd780b69c0af3cb6bfa1871c855b50e58a1c0fe4567ba2cddac658
                                                                                                                                                                                                                                • Instruction ID: df752e34adee395e245c2ff52c4b9db10cabf97d488a7897d1b763873f459c06
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 47c9c872dffd780b69c0af3cb6bfa1871c855b50e58a1c0fe4567ba2cddac658
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C8C18F61B4EAC3A5FB649E22D5403BA22A1EF45BC8F046035DE0DDBB8ADF7CE5558700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Y_free
                                                                                                                                                                                                                                • String ID: ..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                                                                • API String ID: 1282063954-348624464
                                                                                                                                                                                                                                • Opcode ID: 520c429b816cefcc52706057fd5ad0ed0e7bd6bb9e86aa4b3d40283605c1ec58
                                                                                                                                                                                                                                • Instruction ID: 407f5b04a7d89bf3ec1d51571b1e043357b7b09591c87c168d87288b5615ee6a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 520c429b816cefcc52706057fd5ad0ed0e7bd6bb9e86aa4b3d40283605c1ec58
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 17519E76A0EB8299EA348F12A48076A77A0EF85BD4F446130EE5D87B95CF3CE5418B04
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722885346.00007FF8A8A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A8A00000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8a00000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Unicode_$Equal$CompareDeallocErr_ReadyString
                                                                                                                                                                                                                                • String ID: invalid normalization form
                                                                                                                                                                                                                                • API String ID: 3010910608-2281882113
                                                                                                                                                                                                                                • Opcode ID: fe4e629e476384fa92795967704cf4031fbde27a4ff287eefba88b821df140c1
                                                                                                                                                                                                                                • Instruction ID: 490132dd10d40130e65d8098b8d9952ad5ff8aa75362f0f643abc738db2b101f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fe4e629e476384fa92795967704cf4031fbde27a4ff287eefba88b821df140c1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DC415B31A0BB02A5EB548B52A84123923B0FF48BC9F444535DD0E973A1EF6CF445836A
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InformationObjectUser$AddressErrorHandleLastModuleProcProcessStationWindowwcsstr
                                                                                                                                                                                                                                • String ID: Service-0x$_OPENSSL_isservice
                                                                                                                                                                                                                                • API String ID: 459917433-1672312481
                                                                                                                                                                                                                                • Opcode ID: 907ea08856b7351fcfdb362072efdc6f3654c38b792a184621e31cfee440b119
                                                                                                                                                                                                                                • Instruction ID: 19e69dca4883a0e66722ff4a337cef2417dba700c9aeec6265b7c81017bbbd6d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 907ea08856b7351fcfdb362072efdc6f3654c38b792a184621e31cfee440b119
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8A417F22A06A826AEBA19F24D8456B93790EF447F4F484734E97D067D4EF3CE145C728
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_ctrlO_freeO_newO_s_fileR_put_errorX509_free
                                                                                                                                                                                                                                • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                • API String ID: 785824201-2723262194
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722885346.00007FF8A8A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A8A00000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8a00000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Arg_$ArgumentReadyUnicode_$CheckPositional
                                                                                                                                                                                                                                • String ID: argument 1$argument 2$is_normalized$str
                                                                                                                                                                                                                                • API String ID: 396090033-184702317
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,00007FF7E71D26A0), ref: 00007FF7E71D7447
                                                                                                                                                                                                                                • FormatMessageW.KERNEL32(00000000,00007FF7E71D26A0), ref: 00007FF7E71D7476
                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32 ref: 00007FF7E71D74CC
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D2620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7E71D76B4,?,?,?,?,?,?,?,?,?,?,?,00007FF7E71D101D), ref: 00007FF7E71D2654
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D2620: MessageBoxW.USER32 ref: 00007FF7E71D272C
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                                                                                                                                                                                                • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                                                                • API String ID: 2920928814-2573406579
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A811D000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: strncmp
                                                                                                                                                                                                                                • String ID: %-8d$, path=$, retcode=$, value=$..\s\crypto\conf\conf_mod.c$OPENSSL_finish$OPENSSL_init$module=$path
                                                                                                                                                                                                                                • API String ID: 1114863663-3652895664
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: f$f$p$p$f
                                                                                                                                                                                                                                • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLastsetsockopt
                                                                                                                                                                                                                                • String ID: ..\s\crypto\bio\b_sock2.c$o
                                                                                                                                                                                                                                • API String ID: 1729277954-1872632005
                                                                                                                                                                                                                                • Opcode ID: 8d166042045d94caf43c0dc6d533097cdb4f363d452d1997037747fa8223900a
                                                                                                                                                                                                                                • Instruction ID: 110d00bea2969463a2d0b00a0c80a177b1490074176d90bebbbf7a9c2fa0f6cf
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8d166042045d94caf43c0dc6d533097cdb4f363d452d1997037747fa8223900a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B8510071B09646AAE720CF21E8047BD77A0FB81784F044230EA8947BD9DF7DE555CB68
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Digest$Final_exInit_ex$UpdateX_freeX_new
                                                                                                                                                                                                                                • String ID: exporter
                                                                                                                                                                                                                                • API String ID: 3991325671-111224270
                                                                                                                                                                                                                                • Opcode ID: b2ede6607afb386a75a5a5a28c238858f36694c2d788a5fd6f1b8d0741a327c2
                                                                                                                                                                                                                                • Instruction ID: 4ebf7992e162067072df2e6b5a863352a2e9ae321e303e050d14201b0647c252
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b2ede6607afb386a75a5a5a28c238858f36694c2d788a5fd6f1b8d0741a327c2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5941553260DFC299EA209F16E8407EAB3A8EB897C4F442031ED8E87759DE7CD1418B00
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: HandleModule$AddressProc__stdio_common_vswprintf
                                                                                                                                                                                                                                • String ID: OPENSSL_Applink$OPENSSL_Uplink(%p,%02X): $_ssl.pyd$_ssl_d.pyd
                                                                                                                                                                                                                                • API String ID: 572638636-1130596517
                                                                                                                                                                                                                                • Opcode ID: 3a214ecd083972a397b754c6d42c233fe9ad2c1f8d223ee7389fdf3967f63d7b
                                                                                                                                                                                                                                • Instruction ID: 6f4b3d6e0f740a1232c6dcc6fc9d3364bbe290ab671e926b86100d96d17f4242
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3a214ecd083972a397b754c6d42c233fe9ad2c1f8d223ee7389fdf3967f63d7b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7C511821D1FF82A5F7118F29E80417833A0FF98BE4F095735D96D122A9EF3CA5908328
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: strcmpstrncmpstrtoul
                                                                                                                                                                                                                                • String ID: MASK:$default$nombstr$pkix$utf8only
                                                                                                                                                                                                                                • API String ID: 1175158921-3483942737
                                                                                                                                                                                                                                • Opcode ID: 2bd5ef09541ca9ae9162a991637ebcb4c3d5f3a1db9288c4a1ff0209dae57ec5
                                                                                                                                                                                                                                • Instruction ID: f7330f6f52e60be891736efeca7b4f095a465b7b5d8b0d6233f1900bee834fdb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2bd5ef09541ca9ae9162a991637ebcb4c3d5f3a1db9288c4a1ff0209dae57ec5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 98313B62B1E985A6EB428B2CE4507B83760FF457C0F845232EB5E43695FF1CE5A1C728
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                                • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                                                                • API String ID: 2895956056-3524285272
                                                                                                                                                                                                                                • Opcode ID: 5f16b07142fd6e9cf00bc922e8cc9db10b45bb18e926ceaba9689dfbd1de94f9
                                                                                                                                                                                                                                • Instruction ID: ce3afdf37619e254afc703cfd383904a7f29e46ed2b5127edc6b0632e26ad5d2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5f16b07142fd6e9cf00bc922e8cc9db10b45bb18e926ceaba9689dfbd1de94f9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B8413132A08B8282EA14EB64F4553AEF3A4FFD5350F900136E6AD43795DF7CD0568B51
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                • String ID: csm$csm$csm
                                                                                                                                                                                                                                • API String ID: 849930591-393685449
                                                                                                                                                                                                                                • Opcode ID: 905927d9e3da027d40e91907a7f1dd58b6d09944997845db9437df3d999e9f33
                                                                                                                                                                                                                                • Instruction ID: 713e6248c0ecfd966b2f92868e7acb6914b167638dd30f27ebe2a9a3f232615d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 905927d9e3da027d40e91907a7f1dd58b6d09944997845db9437df3d999e9f33
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 51E18572A087428AEB20AF65E4803ADB7A0FB85799F400537DF9D57B55CF38E442CB52
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,00000000,?,00007FF7E71EE082,?,?,000001D6CBDD8C48,00007FF7E71EA153,?,?,?,00007FF7E71EA04A,?,?,?,00007FF7E71E53A2), ref: 00007FF7E71EDE64
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00000000,?,00007FF7E71EE082,?,?,000001D6CBDD8C48,00007FF7E71EA153,?,?,?,00007FF7E71EA04A,?,?,?,00007FF7E71E53A2), ref: 00007FF7E71EDE70
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                • Opcode ID: 3f9ea5ddd66982662272f3b60427da02763780b89cc10366f1f57cf1354b879c
                                                                                                                                                                                                                                • Instruction ID: 100252fd72319c2d09cb58a25e04e957f7e378fbed65c7fdda360ac2aefbe4c2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3f9ea5ddd66982662272f3b60427da02763780b89cc10366f1f57cf1354b879c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 66411561B19B0242FA19EB16F804775A395FF85B90F886136DD6D97784DE3CE4078322
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7E71D101D), ref: 00007FF7E71D760F
                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7E71D101D), ref: 00007FF7E71D765F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ByteCharMultiWide
                                                                                                                                                                                                                                • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                                • API String ID: 626452242-27947307
                                                                                                                                                                                                                                • Opcode ID: 4bbd7603499378b50442979c546d1f664acf9c627e90c3cd8d10ddb09143890f
                                                                                                                                                                                                                                • Instruction ID: 4aab514cde0e967852d60a72bdd8a14dc72df504e4199cf27e6a52de262b073a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4bbd7603499378b50442979c546d1f664acf9c627e90c3cd8d10ddb09143890f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5641A232A08B8282E624EF55F48026AE764FBC4790F984136DBAD47B94EF3CD063D711
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722885346.00007FF8A8A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A8A00000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8a00000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Arg_ArgumentErr_FromLongLong_OccurredReadyUnicode_
                                                                                                                                                                                                                                • String ID: a unicode character$argument$mirrored
                                                                                                                                                                                                                                • API String ID: 3097524968-4001128513
                                                                                                                                                                                                                                • Opcode ID: c810eed8f82086262c6e78a18d9078051395a987c3793f0f044087c6af80baa0
                                                                                                                                                                                                                                • Instruction ID: 7cd0fa684805dac97851b903d1e61ce24e4a289fbfcae02a3ea41d27a7450a2f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c810eed8f82086262c6e78a18d9078051395a987c3793f0f044087c6af80baa0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 37318B60F0BB06A2FB644B2594A237922B1EF44BD4F444535CA0EA62D0FF6CF845D26B
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722885346.00007FF8A8A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A8A00000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8a00000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Arg_ArgumentErr_FromLongLong_OccurredReadyUnicode_
                                                                                                                                                                                                                                • String ID: a unicode character$argument$combining
                                                                                                                                                                                                                                • API String ID: 3097524968-4202047184
                                                                                                                                                                                                                                • Opcode ID: 4abcde2cecbecc878ffecb5aa1b55e6f84b2c377b6dad8750ff0b1d513e6454f
                                                                                                                                                                                                                                • Instruction ID: d5035c7b7f44c37c1cb64b2f9bec24a4e1392305b060d02e88daf1a06d808372
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4abcde2cecbecc878ffecb5aa1b55e6f84b2c377b6dad8750ff0b1d513e6454f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BF31AD21F0BA46A2FB644B61946237912B1FF44BD8F044935CA0E562D4EF2CF849A22A
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00007FF7E71D3679), ref: 00007FF7E71D7AF1
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D2620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7E71D76B4,?,?,?,?,?,?,?,?,?,?,?,00007FF7E71D101D), ref: 00007FF7E71D2654
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D2620: MessageBoxW.USER32 ref: 00007FF7E71D272C
                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00007FF7E71D3679), ref: 00007FF7E71D7B65
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                                • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                                • API String ID: 3723044601-27947307
                                                                                                                                                                                                                                • Opcode ID: 92b52a23bf177b804bd471eb00781d9ecb554dad94de0916a037b448ee798d7d
                                                                                                                                                                                                                                • Instruction ID: d81bcbf32050d9b801744e2b7cb9527cadd10143e343d2308dea5af5a4d8786a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 92b52a23bf177b804bd471eb00781d9ecb554dad94de0916a037b448ee798d7d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 43219C21A08B4285EA14EF22F880279FB61AFD4B90B884136CB2D43795EF7CE5169712
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: R_put_error
                                                                                                                                                                                                                                • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                                • API String ID: 1767461275-4238427508
                                                                                                                                                                                                                                • Opcode ID: e21c1b1e74aa922af955503db0d9853d4ab358be7fcf9926e7e141aa0bf6a1b1
                                                                                                                                                                                                                                • Instruction ID: b90392e914fb0279033ee36a3e7006532288473db7acbb2fee4f5dff1435a1b9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e21c1b1e74aa922af955503db0d9853d4ab358be7fcf9926e7e141aa0bf6a1b1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9D21B061B0E9829AEB10DF22E5406BE73B0FB84BC8F441435DA4D83B9ADF3CE5418B00
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A811D000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memsetstrncpy
                                                                                                                                                                                                                                • String ID: , failure codes: $, status text: $..\s\crypto\ts\ts_rsp_verify.c$status code: $unknown code$unspecified
                                                                                                                                                                                                                                • API String ID: 388311670-2553778726
                                                                                                                                                                                                                                • Opcode ID: 5c52ad6f925e1ec42b9a6af6a72652748dd451416fa45a3f3ad2c19ea7319b3e
                                                                                                                                                                                                                                • Instruction ID: e5e28872b94cb9c39392acea50eb8124c63d671af972509acba926ee5080d589
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5c52ad6f925e1ec42b9a6af6a72652748dd451416fa45a3f3ad2c19ea7319b3e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 07818131A0AA82A6FB60EB1294413B97791FF85BC4F840035DA4D8779AEF3CE545C728
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_clear_flagsO_get_dataO_set_flagsO_set_retry_reason
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3836630899-0
                                                                                                                                                                                                                                • Opcode ID: 48e16ec5a77cd8e9c9fc854e1f7a8cfccd99df8e26513e75bc304c3ab69e74f2
                                                                                                                                                                                                                                • Instruction ID: 09cac4e5efa72e9474eb5f08fe293a15be36bfa5541a83185617e578759fe259
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 48e16ec5a77cd8e9c9fc854e1f7a8cfccd99df8e26513e75bc304c3ab69e74f2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4D31E822E0E682D6F728AF62955127D6291EF44BD4F005431ED2DC778ECF7CE8A29740
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: f$p$p
                                                                                                                                                                                                                                • API String ID: 3215553584-1995029353
                                                                                                                                                                                                                                • Opcode ID: 8b43f30c9b627f105c9440690760d813b6cbc2015482011a3dd154e3df4de9b0
                                                                                                                                                                                                                                • Instruction ID: d667d1d2ee45fe2bab7a4adfb1054cdcdffa8b75a8591027b87a6e9f1006e6e3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8b43f30c9b627f105c9440690760d813b6cbc2015482011a3dd154e3df4de9b0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7B127161E0C34347FB24BA15F0547B9B6A2EBC0754FD44137E6AA866C4DB3CE5868B23
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • BN_bin2bn.LIBCRYPTO-1_1(?,?,00000000,00000000,?,00007FF8A933D5B0), ref: 00007FF8A933FFD5
                                                                                                                                                                                                                                • BN_bin2bn.LIBCRYPTO-1_1(?,?,00000000,00000000,?,00007FF8A933D5B0), ref: 00007FF8A933FFF3
                                                                                                                                                                                                                                • BN_bin2bn.LIBCRYPTO-1_1(?,?,00000000,00000000,?,00007FF8A933D5B0), ref: 00007FF8A934000D
                                                                                                                                                                                                                                • BN_bin2bn.LIBCRYPTO-1_1(?,?,00000000,00000000,?,00007FF8A933D5B0), ref: 00007FF8A9340026
                                                                                                                                                                                                                                • X509_get0_pubkey.LIBCRYPTO-1_1(?,?,00000000,00000000,?,00007FF8A933D5B0), ref: 00007FF8A9340065
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: N_bin2bn$X509_get0_pubkey
                                                                                                                                                                                                                                • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                • API String ID: 3650846462-1507966698
                                                                                                                                                                                                                                • Opcode ID: 3dcda63de29eb65d750073e99d8738b17b35b018f3991ce888ec550fa2f47bde
                                                                                                                                                                                                                                • Instruction ID: 9a09deefd1ffe89b7b15bad4492e4f0275bc41e3305389effcc3f62869bf1b14
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3dcda63de29eb65d750073e99d8738b17b35b018f3991ce888ec550fa2f47bde
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E061E222B09FD194EB508F2498442AD77B4FB857D8F18A630DEAC66B99DF38D291C340
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: R_put_error$L_sk_pushmemcpy
                                                                                                                                                                                                                                • String ID: ..\s\ssl\ssl_ciph.c$P
                                                                                                                                                                                                                                • API String ID: 96246294-2953004322
                                                                                                                                                                                                                                • Opcode ID: 8d38bac2a8dcdcf5f068ddabef41b603b8a3f89ad49701e50fce4e72cd0622a8
                                                                                                                                                                                                                                • Instruction ID: 004165299e70721712295476912101cd19fb17ca3aefe44c50b98bffd2658070
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8d38bac2a8dcdcf5f068ddabef41b603b8a3f89ad49701e50fce4e72cd0622a8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 78218865B1EAC1A6F760DF51E4553BA72A0EF487C4F406035DA4DC679ADF6CE1448B00
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722788037.00007FF8A839D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722788037.00007FF8A83B9000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722788037.00007FF8A83BD000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: strchr
                                                                                                                                                                                                                                • String ID: characters$ to $..\s\crypto\ui\ui_lib.c$You must type in
                                                                                                                                                                                                                                • API String ID: 2830005266-3422546668
                                                                                                                                                                                                                                • Opcode ID: bd9b23c53823ea533117beb14583a142546b9b8a34662f0ea3acb6cbd8b53595
                                                                                                                                                                                                                                • Instruction ID: 185f1e603e988520f32dc2bcb58feb45b13f709ed576555c3664196ef1f1b531
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bd9b23c53823ea533117beb14583a142546b9b8a34662f0ea3acb6cbd8b53595
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E251BF72E0AA42AAEF209F24C4512B937A0EB45BD8F040232DA4D47799DF3CE551CB68
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722885346.00007FF8A8A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A8A00000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8a00000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Unicode_$Arg_ArgumentFromReadyString
                                                                                                                                                                                                                                • String ID: a unicode character$argument$category
                                                                                                                                                                                                                                • API String ID: 3000140846-2068800536
                                                                                                                                                                                                                                • Opcode ID: 11b5af09c6e96202cd833029fba62b7afc398d5caaf83a6a0a49b5ae9faf58ca
                                                                                                                                                                                                                                • Instruction ID: 8bba4caed0c1d1bf81de122e3161506d32beeba0e94c299ee2e148944bd434d3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 11b5af09c6e96202cd833029fba62b7afc398d5caaf83a6a0a49b5ae9faf58ca
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9751D361B0B642A2EB588706D4523B822F2FB44BC4F444135DA8E47790FF3CFA55D369
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _stricmpstrchrstrncmp
                                                                                                                                                                                                                                • String ID: ..\s\crypto\store\store_lib.c$T$file
                                                                                                                                                                                                                                • API String ID: 3017659097-909561481
                                                                                                                                                                                                                                • Opcode ID: 8d9a0ca79b86ce2ebfc7c63195201edfc06bd3520c166aa7ad287b7b0d13c6b7
                                                                                                                                                                                                                                • Instruction ID: 57c2705378f0a65bd5979714cd96ac5152641582a0a65cebf0b82e549b8de205
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8d9a0ca79b86ce2ebfc7c63195201edfc06bd3520c166aa7ad287b7b0d13c6b7
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E941E33260AA52A5EA21DF12E8442B973A1FF88BC4F844135DE4D07798EF3CE945C728
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722885346.00007FF8A8A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A8A00000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8a00000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Unicode_$Arg_ArgumentFromReadyString
                                                                                                                                                                                                                                • String ID: a unicode character$argument$bidirectional
                                                                                                                                                                                                                                • API String ID: 3000140846-2110215792
                                                                                                                                                                                                                                • Opcode ID: 2951cb651f92f80c2450ab6db5bafeba69142dea97d1071b270051d478aa9691
                                                                                                                                                                                                                                • Instruction ID: bbd517a1a38e7b5303f8f82f22484ac4165470274948a62d06acb443f093f8b5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2951cb651f92f80c2450ab6db5bafeba69142dea97d1071b270051d478aa9691
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3C41B121B0F642A2EB588B15D8523B962B1FB48BC4F644539DA8E432D0FF2DF945C329
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ByteCharMultiWide
                                                                                                                                                                                                                                • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                                • API String ID: 626452242-876015163
                                                                                                                                                                                                                                • Opcode ID: aa298a002c453f6745e6396b8798e2734c1602e68a69c20a805e124d22ac7461
                                                                                                                                                                                                                                • Instruction ID: a326c3631a424c61c4f2bb30ed4db7270bdb43f4ad8eda935f0b7159c388c215
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aa298a002c453f6745e6396b8798e2734c1602e68a69c20a805e124d22ac7461
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD419132A18B4386EA24EF15F480369A6A5FB84790F940136DF6D47B94DF3CD053DB11
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722885346.00007FF8A8A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A8A00000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8a00000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: EqualUnicode_
                                                                                                                                                                                                                                • String ID: invalid normalization form
                                                                                                                                                                                                                                • API String ID: 3822945493-2281882113
                                                                                                                                                                                                                                • Opcode ID: 52adbe2ba8cfd1881f36d22b7474a004ba8ed60ba2cdfc74fbb69c043373234b
                                                                                                                                                                                                                                • Instruction ID: 2ca90dec4658f245f4bd2be267631fb8bd7664378cc4251253e061ac19b37ada
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 52adbe2ba8cfd1881f36d22b7474a004ba8ed60ba2cdfc74fbb69c043373234b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 86318020F0F682A1FB6087229916B791271FF49FC8F484030DD4D56A96EF6DF105972A
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: L_sk_num$L_sk_valueX509_i2d_
                                                                                                                                                                                                                                • String ID: "$..\s\ssl\statem\statem_lib.c
                                                                                                                                                                                                                                • API String ID: 3754435392-3756396100
                                                                                                                                                                                                                                • Opcode ID: aab37bef012f5e6d6af6fee865d7238023c49f8be50ff4b58f3f88c045243ca4
                                                                                                                                                                                                                                • Instruction ID: a01a7a183f8a5118434441a8586cb6ea11949b6517bcd9a4c47b210cd1a591c5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aab37bef012f5e6d6af6fee865d7238023c49f8be50ff4b58f3f88c045243ca4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E231C221B1EAC365FA10DF62A5402BE62A0EF84BD4F442430ED4CC7B9AEF7CE5418B00
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722885346.00007FF8A8A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A8A00000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8a00000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                                                                • String ID: a unicode character$argument 1$decimal
                                                                                                                                                                                                                                • API String ID: 3545102714-2474051849
                                                                                                                                                                                                                                • Opcode ID: 1edd0f872e078ae46c3bd96f96f546a30f723c592c5451fb704a8da1bced2abb
                                                                                                                                                                                                                                • Instruction ID: 4490981f6b53e055e7fd78b677b537e3429d2bcdb133e9020bdaf7150df76bed
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1edd0f872e078ae46c3bd96f96f546a30f723c592c5451fb704a8da1bced2abb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 35318B21B0FA46A6EB608B45D4523792271FB84BC8F988031DA0D57B95EF3DF856C32D
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722885346.00007FF8A8A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A8A00000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8a00000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                                                                • String ID: a unicode character$argument 1$numeric
                                                                                                                                                                                                                                • API String ID: 3545102714-2385192657
                                                                                                                                                                                                                                • Opcode ID: 6ba9616c76c1b2578bf5061fe10e7fea3253e3269814aac9abed4bdef8af4287
                                                                                                                                                                                                                                • Instruction ID: 210a08b82ccdcb01f4cc98ea12bf3c9640cd3746c6711f4f31a043afcb620176
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6ba9616c76c1b2578bf5061fe10e7fea3253e3269814aac9abed4bdef8af4287
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CA31BF21B0BB46A2EB508B16D4423792371EB84BC4F588431CE1D67795EF3DF846E72A
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722885346.00007FF8A8A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A8A00000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8a00000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                                                                • String ID: a unicode character$argument 1$name
                                                                                                                                                                                                                                • API String ID: 3545102714-4190364640
                                                                                                                                                                                                                                • Opcode ID: 024395b689c67a05806c68adcf79414aab75b3a78e0a20c892317bdea327388a
                                                                                                                                                                                                                                • Instruction ID: 42f4241a37485901d40e59a7230811202539c9a76c5c407d85308373b6ae84e8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 024395b689c67a05806c68adcf79414aab75b3a78e0a20c892317bdea327388a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A231A021B0BE46A2EB508B05D44227D2372EB84BD4F549031CA4D6B794EF3EF842C329
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: L_cleanse
                                                                                                                                                                                                                                • String ID: $ $0$extended master secret$master secret
                                                                                                                                                                                                                                • API String ID: 1040887069-741269486
                                                                                                                                                                                                                                • Opcode ID: 60efae92cf271af2bd7e87180dea88d22f8e1213ffb1e06b9429debec4d2a6da
                                                                                                                                                                                                                                • Instruction ID: 22e16ae4678d086e3de3cc508a035d71ccb5014604131ded2a33b655da5bbc46
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 60efae92cf271af2bd7e87180dea88d22f8e1213ffb1e06b9429debec4d2a6da
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F841267260DB8195E760CF11F88039AB6A4FB887C4F54A135EA8C87A6AEF7DD155CB00
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF7E71DD0DA,?,?,?,00007FF7E71DCDCC,?,?,00000001,00007FF7E71DC9E9), ref: 00007FF7E71DCEAD
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF7E71DD0DA,?,?,?,00007FF7E71DCDCC,?,?,00000001,00007FF7E71DC9E9), ref: 00007FF7E71DCEBB
                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF7E71DD0DA,?,?,?,00007FF7E71DCDCC,?,?,00000001,00007FF7E71DC9E9), ref: 00007FF7E71DCEE5
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF7E71DD0DA,?,?,?,00007FF7E71DCDCC,?,?,00000001,00007FF7E71DC9E9), ref: 00007FF7E71DCF2B
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF7E71DD0DA,?,?,?,00007FF7E71DCDCC,?,?,00000001,00007FF7E71DC9E9), ref: 00007FF7E71DCF37
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                • String ID: api-ms-
                                                                                                                                                                                                                                • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                • Opcode ID: 5875a968ec1c8163f4728790c5c34772c02e6e55674a02490018482c9d800bcd
                                                                                                                                                                                                                                • Instruction ID: 7122505794d3db4ce6846e81bd5e274dafe3da37f6e8322764a8bacdae13f511
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5875a968ec1c8163f4728790c5c34772c02e6e55674a02490018482c9d800bcd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E531C721A1A74295EE15EF02F8507B5A294BF89BA1F994936DF3D46340DF3CE0428B21
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D79A0: MultiByteToWideChar.KERNEL32 ref: 00007FF7E71D79DA
                                                                                                                                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF7E71D67AF,?,00000000,?,TokenIntegrityLevel), ref: 00007FF7E71D64BF
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D2770: MessageBoxW.USER32 ref: 00007FF7E71D2841
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF7E71D651A
                                                                                                                                                                                                                                • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF7E71D6496
                                                                                                                                                                                                                                • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF7E71D64D3
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                                                                • API String ID: 1662231829-3498232454
                                                                                                                                                                                                                                • Opcode ID: 9eb99ae586d031700f80d960bb93105f64990418315754ce9dca1f45177a6931
                                                                                                                                                                                                                                • Instruction ID: 471986698c023c7814121b0a59bd2f0f3d2c1a25d4ca826ee8db91370bf53ed6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9eb99ae586d031700f80d960bb93105f64990418315754ce9dca1f45177a6931
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EF316611B1874241FA24F725F9953BAD251AFD87C1FC44433DB6E4279AEE3CE5068B22
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722885346.00007FF8A8A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A8A00000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8a00000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                                                                • String ID: a unicode character$argument 1$digit
                                                                                                                                                                                                                                • API String ID: 3545102714-197099943
                                                                                                                                                                                                                                • Opcode ID: bd974eef077122dec893b469d7545075ff2cae19a9a2d289780263393b15a563
                                                                                                                                                                                                                                • Instruction ID: ee2430a475bdb51262c5ccea5f5124ff5c6e48a29ba937d5b387fec1f70253da
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bd974eef077122dec893b469d7545075ff2cae19a9a2d289780263393b15a563
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AF314C21B0B656A2EB608B15D5422B92271FB84BC8F948431DA0D47794FF3DF896C369
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722885346.00007FF8A8A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A8A00000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8a00000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FromStringUnicode_$S_snprintfSizememcpy
                                                                                                                                                                                                                                • String ID: $%04X
                                                                                                                                                                                                                                • API String ID: 3253253298-4013080060
                                                                                                                                                                                                                                • Opcode ID: 8783773e75f91aa2f04b476c70ee7b81768cdf1f8208fe2319de8069345006e0
                                                                                                                                                                                                                                • Instruction ID: c85682f9e7d3022138151ec4e8e466c8f56975dc5ba514e2e9a8506e2ed61f0b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8783773e75f91aa2f04b476c70ee7b81768cdf1f8208fe2319de8069345006e0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4C31D272A0BA81A1EB218B14E4553B963B0FB48BD8F450235CA6E037D5EF3CE445C315
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_ctrlO_freeO_newO_s_fileR_put_error
                                                                                                                                                                                                                                • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                • API String ID: 2618924202-2723262194
                                                                                                                                                                                                                                • Opcode ID: 8d58ee7b11d0c0ec938e92c6c3949c0826d999b61468d251a78d44bec04e1ef1
                                                                                                                                                                                                                                • Instruction ID: 4ac6bcd3506c5e290cc56d7fdf68629d45fa5e14efbc5d6e5e2fff437a2249c2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8d58ee7b11d0c0ec938e92c6c3949c0826d999b61468d251a78d44bec04e1ef1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B731A721A0EAC296F7209F5295406BE7271EB59BC8F546034EF4D8BB86CF3DE5014744
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _chmod_stat64i32fclosefwrite
                                                                                                                                                                                                                                • String ID: ..\s\crypto\rand\randfile.c$Filename=
                                                                                                                                                                                                                                • API String ID: 4260490851-2201148535
                                                                                                                                                                                                                                • Opcode ID: 9583951cb24bb92d91a3483a246215b3780206df37694dce07967a41c698ced9
                                                                                                                                                                                                                                • Instruction ID: 111aeac12a8ab641fa305b9d1b298dfc7e9f6f4c343b76f4714ad9abdef7b5b7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9583951cb24bb92d91a3483a246215b3780206df37694dce07967a41c698ced9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B4319EB1A0EA46A6EA20DB11E4013B973A1FF947C4F444035DA4E477E9EF3CE544CB28
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32 ref: 00007FF7E71D79DA
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D2620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7E71D76B4,?,?,?,?,?,?,?,?,?,?,?,00007FF7E71D101D), ref: 00007FF7E71D2654
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D2620: MessageBoxW.USER32 ref: 00007FF7E71D272C
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32 ref: 00007FF7E71D7A60
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                                • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                                • API String ID: 3723044601-876015163
                                                                                                                                                                                                                                • Opcode ID: ee2ee3c888b621b3c3f4dc33b354bcabab4fe5f972038a38ac2187e11a85846b
                                                                                                                                                                                                                                • Instruction ID: 6fc51b0188ca401f5155f5789f42d0d9afe3a7026cf13a31c9b9a137a37c7bf3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ee2ee3c888b621b3c3f4dc33b354bcabab4fe5f972038a38ac2187e11a85846b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CD219322B08B4241EB14EB19F440265E761EFC57C4F984132DB6C93BA9EE3CD5529B11
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF7E71F2363,?,?,?,00007FF7E71ECABC,?,?,00000000,00007FF7E71E398F,?,?,?,00007FF7E71E9243), ref: 00007FF7E71EA55F
                                                                                                                                                                                                                                • FlsGetValue.KERNEL32(?,?,?,00007FF7E71F2363,?,?,?,00007FF7E71ECABC,?,?,00000000,00007FF7E71E398F,?,?,?,00007FF7E71E9243), ref: 00007FF7E71EA574
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E71F2363,?,?,?,00007FF7E71ECABC,?,?,00000000,00007FF7E71E398F,?,?,?,00007FF7E71E9243), ref: 00007FF7E71EA595
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E71F2363,?,?,?,00007FF7E71ECABC,?,?,00000000,00007FF7E71E398F,?,?,?,00007FF7E71E9243), ref: 00007FF7E71EA5C2
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E71F2363,?,?,?,00007FF7E71ECABC,?,?,00000000,00007FF7E71E398F,?,?,?,00007FF7E71E9243), ref: 00007FF7E71EA5D3
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E71F2363,?,?,?,00007FF7E71ECABC,?,?,00000000,00007FF7E71E398F,?,?,?,00007FF7E71E9243), ref: 00007FF7E71EA5E4
                                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,?,00007FF7E71F2363,?,?,?,00007FF7E71ECABC,?,?,00000000,00007FF7E71E398F,?,?,?,00007FF7E71E9243), ref: 00007FF7E71EA5FF
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Value$ErrorLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2506987500-0
                                                                                                                                                                                                                                • Opcode ID: 679a8f5ed95f4c44c4bc9ccb242736963b1e2f2654bfe38b80143c9ca5edf043
                                                                                                                                                                                                                                • Instruction ID: 2cdc1f76e22c140503dc4f6202bb88e74fb60d1487d4eb87ba5a3e31dbe94fe6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 679a8f5ed95f4c44c4bc9ccb242736963b1e2f2654bfe38b80143c9ca5edf043
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FF215E20B0D34283FA58B321F645379E2669FC47B4F940636D93E866C6DE3CE4478223
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                • String ID: CONOUT$
                                                                                                                                                                                                                                • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                • Opcode ID: 5d0318ae55f50b6dcee6d616b573d53fae0e0d17b0b79c1b3a6779b9b80778ff
                                                                                                                                                                                                                                • Instruction ID: 455925103bbc5498292e1f086ab2c81de9bc46348fe3237b168950e5ef8dba74
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d0318ae55f50b6dcee6d616b573d53fae0e0d17b0b79c1b3a6779b9b80778ff
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD11D021B18B4186E750AB02F854329F2A4FFC9FE4F840236EA2D83794DF3CD8168761
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: L_sk_numL_sk_value$X509_get_extension_flagsX509_get_signature_info
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 420811412-0
                                                                                                                                                                                                                                • Opcode ID: fdd1a17d0625aa889ce440010294d5dcaf350f69fc02d7329818360b4c3a8a86
                                                                                                                                                                                                                                • Instruction ID: 4cff43afa7a5103fa021e982632f8ef265decee099cef1f10cb71a852fd6638a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fdd1a17d0625aa889ce440010294d5dcaf350f69fc02d7329818360b4c3a8a86
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CB31E822B0EAC17AF6649E1A644167A62A1FF897C4F507030ED4DC3B96DF3CD5018B00
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • strchr.VCRUNTIME140(?,00000000,?,00007FF8A82B375B,?,?,00000000,00007FF8A82B2C97), ref: 00007FF8A82B390A
                                                                                                                                                                                                                                • strchr.VCRUNTIME140(?,00000000,?,00007FF8A82B375B,?,?,00000000,00007FF8A82B2C97), ref: 00007FF8A82B3938
                                                                                                                                                                                                                                • strchr.VCRUNTIME140(?,00000000,?,00007FF8A82B375B,?,?,00000000,00007FF8A82B2C97), ref: 00007FF8A82B394C
                                                                                                                                                                                                                                • strchr.VCRUNTIME140(?,00000000,?,00007FF8A82B375B,?,?,00000000,00007FF8A82B2C97), ref: 00007FF8A82B3B24
                                                                                                                                                                                                                                • strchr.VCRUNTIME140(?,00000000,?,00007FF8A82B375B,?,?,00000000,00007FF8A82B2C97), ref: 00007FF8A82B3B34
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A811D000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: strchr
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2830005266-0
                                                                                                                                                                                                                                • Opcode ID: 41294343419ae3a9a5b1b52002eed454be2f73b69e5a402d77914a4dc71a9ea8
                                                                                                                                                                                                                                • Instruction ID: dc7b1283f174d95fbe5794e519be76516dd143301147026467d2f2bec0bb9a21
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 41294343419ae3a9a5b1b52002eed454be2f73b69e5a402d77914a4dc71a9ea8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D1B1E562B0B68269FB758A2AD48C278A7D1EB45BE0F584131DF5C437C9DF3DE8868314
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
Similarity
• API ID: Y_free$X_ctrlX_freeX_new_idY_new
• String ID:
• API String ID: 1769623012-0
APIs
• GetLastError.KERNEL32(?,?,?,00007FF7E71E437D,?,?,?,?,00007FF7E71EDCD7,?,?,00000000,00007FF7E71EA7E6,?,?,?), ref: 00007FF7E71EA6D7
• FlsSetValue.KERNEL32(?,?,?,00007FF7E71E437D,?,?,?,?,00007FF7E71EDCD7,?,?,00000000,00007FF7E71EA7E6,?,?,?), ref: 00007FF7E71EA70D
• FlsSetValue.KERNEL32(?,?,?,00007FF7E71E437D,?,?,?,?,00007FF7E71EDCD7,?,?,00000000,00007FF7E71EA7E6,?,?,?), ref: 00007FF7E71EA73A
• FlsSetValue.KERNEL32(?,?,?,00007FF7E71E437D,?,?,?,?,00007FF7E71EDCD7,?,?,00000000,00007FF7E71EA7E6,?,?,?), ref: 00007FF7E71EA74B
• FlsSetValue.KERNEL32(?,?,?,00007FF7E71E437D,?,?,?,?,00007FF7E71EDCD7,?,?,00000000,00007FF7E71EA7E6,?,?,?), ref: 00007FF7E71EA75C
• SetLastError.KERNEL32(?,?,?,00007FF7E71E437D,?,?,?,?,00007FF7E71EDCD7,?,?,00000000,00007FF7E71EA7E6,?,?,?), ref: 00007FF7E71EA777
Memory Dump Source
• Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
Similarity
• API ID: Value$ErrorLast
• String ID:
• API String ID: 2506987500-0
Strings
Memory Dump Source
• Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
Similarity
• API ID:
• String ID: ..\s\ssl\statem\statem_clnt.c
• API String ID: 0-1507966698
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
Similarity
• API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record__std_exception_copy
• String ID: csm$csm
• API String ID: 851805269-3733052814
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
Similarity
• API ID: CurrentImageNonwritableUnwind__except_validate_context_record
• String ID: csm$f
• API String ID: 2395640692-629598281
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                                • String ID: Unhandled exception in script
                                                                                                                                                                                                                                • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                                • Opcode ID: 7d82fb9080f08f38887541d796cd93f6b84f8101b6940601e1502b8de02da7d5
                                                                                                                                                                                                                                • Instruction ID: cb5b9fe37d844b8ddb4b340d25d16d1e1dec8a841a9e313814fce1d7be4a8038
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7d82fb9080f08f38887541d796cd93f6b84f8101b6940601e1502b8de02da7d5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 29314032609B8289EB24EF61F8552E9B360FF89784F840136EA5E4BB55DF3CD146C712
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: R_put_error
                                                                                                                                                                                                                                • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                • API String ID: 1767461275-1080266419
                                                                                                                                                                                                                                • Opcode ID: 2d803513d437006b8e8b5f04fd52412c3bd121a1b0b53b706d91ec809aaa0684
                                                                                                                                                                                                                                • Instruction ID: d17f45f99a3509375035331166c480ab36bed060542cd16a43f4e258df38e38f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2d803513d437006b8e8b5f04fd52412c3bd121a1b0b53b706d91ec809aaa0684
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FF31AF62A0DEC196FB609F56E4403A922A1EB487DCF645234EB5C8B7E5EF3DC5458B00
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722885346.00007FF8A8A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A8A00000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8a00000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Arg_ArgumentReadyUnicode_
                                                                                                                                                                                                                                • String ID: a unicode character$argument$east_asian_width
                                                                                                                                                                                                                                • API String ID: 1875788646-3913127203
                                                                                                                                                                                                                                • Opcode ID: f36d5312feb184fd59674f58b54733997b8d53dc8f7909c662cb7da225fa12d9
                                                                                                                                                                                                                                • Instruction ID: 94a51ccab9b0728d3b3358194ba27bf66d5640d192b97baabf0371632a30cfbb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f36d5312feb184fd59674f58b54733997b8d53dc8f7909c662cb7da225fa12d9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 59216D61B0BA06A2FB648B15D46337912B1FF84BD8F544035DA0E97384EF2DF84593AA
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722885346.00007FF8A8A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A8A00000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8a00000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Arg_ArgumentReadyUnicode_
                                                                                                                                                                                                                                • String ID: a unicode character$argument$decomposition
                                                                                                                                                                                                                                • API String ID: 1875788646-2471543666
                                                                                                                                                                                                                                • Opcode ID: 922cd02f3d145214e9771c3c3ea48c5a6488ab2919ba49599783f695ada8680e
                                                                                                                                                                                                                                • Instruction ID: 2ec81a3af079b9187c730ec946238f0c2030031dfe569d729028c51540dacb2d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 922cd02f3d145214e9771c3c3ea48c5a6488ab2919ba49599783f695ada8680e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B2219A61B0B606A2FB648B15D56337922B1FF85BD8F444435CF0E862D4EF2CF856836A
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7E71D76B4,?,?,?,?,?,?,?,?,?,?,?,00007FF7E71D101D), ref: 00007FF7E71D2654
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D7420: GetLastError.KERNEL32(00000000,00007FF7E71D26A0), ref: 00007FF7E71D7447
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D7420: FormatMessageW.KERNEL32(00000000,00007FF7E71D26A0), ref: 00007FF7E71D7476
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D79A0: MultiByteToWideChar.KERNEL32 ref: 00007FF7E71D79DA
                                                                                                                                                                                                                                • MessageBoxW.USER32 ref: 00007FF7E71D272C
                                                                                                                                                                                                                                • MessageBoxA.USER32 ref: 00007FF7E71D2748
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                                                                                                                                                                                                • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722885346.00007FF8A8A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A8A00000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8a00000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Err_strncmp$DataFormatFromKindStringUnicode_
                                                                                                                                                                                                                                • String ID: name too long$undefined character name '%s'
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memmovememsetstrncpy
                                                                                                                                                                                                                                • String ID: ..\s\crypto\x509\x509_obj.c$0123456789ABCDEF$NO X509_NAME
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memmove
                                                                                                                                                                                                                                • String ID: ..\s\crypto\pem\pem_lib.c$;$Enter PEM pass phrase:
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _set_statfp
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1156100317-0
                                                                                                                                                                                                                                • Opcode ID: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                                                                                                                                                                                • Instruction ID: 84eff07cf34d7ef4d1c68c6f3ca1ac7bb33ca5062f75dc06944f343170a53951
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D9118F66E5CB4305F75C3164F45237994406FD53A4F940B36EB7E1A2E6CE3CA8A34132
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FlsGetValue.KERNEL32(?,?,?,00007FF7E71E99A3,?,?,00000000,00007FF7E71E9C3E,?,?,?,?,?,00007FF7E71E211C), ref: 00007FF7E71EA7AF
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E71E99A3,?,?,00000000,00007FF7E71E9C3E,?,?,?,?,?,00007FF7E71E211C), ref: 00007FF7E71EA7CE
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E71E99A3,?,?,00000000,00007FF7E71E9C3E,?,?,?,?,?,00007FF7E71E211C), ref: 00007FF7E71EA7F6
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E71E99A3,?,?,00000000,00007FF7E71E9C3E,?,?,?,?,?,00007FF7E71E211C), ref: 00007FF7E71EA807
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E71E99A3,?,?,00000000,00007FF7E71E9C3E,?,?,?,?,?,00007FF7E71E211C), ref: 00007FF7E71EA818
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Value
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                                                                                • Opcode ID: 9e804fd289b4b3ef91baa5930f6d3ebb166ce1e0dbc6b955ff6578ee9fb93aad
                                                                                                                                                                                                                                • Instruction ID: d5eeabedc25729b4e0f8c0f6eed0f2754fa6855549d79e58a5f6690bfc32d516
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9e804fd289b4b3ef91baa5930f6d3ebb166ce1e0dbc6b955ff6578ee9fb93aad
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4B114D20F0D70243FA58B325F645779D2569F847B0F885236D93D866D6DE3CA4478222
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7E71F2363,?,?,?,00007FF7E71ECABC,?,?,00000000,00007FF7E71E398F), ref: 00007FF7E71EA635
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7E71F2363,?,?,?,00007FF7E71ECABC,?,?,00000000,00007FF7E71E398F), ref: 00007FF7E71EA654
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7E71F2363,?,?,?,00007FF7E71ECABC,?,?,00000000,00007FF7E71E398F), ref: 00007FF7E71EA67C
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7E71F2363,?,?,?,00007FF7E71ECABC,?,?,00000000,00007FF7E71E398F), ref: 00007FF7E71EA68D
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7E71F2363,?,?,?,00007FF7E71ECABC,?,?,00000000,00007FF7E71E398F), ref: 00007FF7E71EA69E
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Value
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                                                                                • Opcode ID: abd555598871f52e6c51055266dbbfd9f3064b5a0b37023567c52a13d64941c3
                                                                                                                                                                                                                                • Instruction ID: 856011661a76659a8d524d540cf2a579bb0b887f4891215d89f394e2167bbaf1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: abd555598871f52e6c51055266dbbfd9f3064b5a0b37023567c52a13d64941c3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2611C520E0930343FA58B631E5553B992569FCA374E991636D93E8A2D6DD3CB8478233
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                • Opcode ID: 0a85a650483ad60012865602343b5a273e15b3a1a81ddf8674274c6c15df3bc7
                                                                                                                                                                                                                                • Instruction ID: 3d3c0ff671adf808035cb89a4006415650950afda0442d3fb5a85e081d6be77c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0a85a650483ad60012865602343b5a273e15b3a1a81ddf8674274c6c15df3bc7
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FA817376D283C387F6E46E25E100378A698EB95784FD54036DE29D7285DB3DE5039323
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A811D000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: ,Reason=$..\s\crypto\ocsp\ocsp_ht.c$Code=
                                                                                                                                                                                                                                • API String ID: 0-3537114172
                                                                                                                                                                                                                                • Opcode ID: 7672857414660bc8a8195c2c59cdcbe769d35fde41cd35e93c0dcfabc3770a3e
                                                                                                                                                                                                                                • Instruction ID: 4bf54a4ec72fdff0a8de2d83a8e2ca5291a3fd8251da7d2a070e85c9c9c3ac95
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7672857414660bc8a8195c2c59cdcbe769d35fde41cd35e93c0dcfabc3770a3e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3661F462A0E99296FB109B21941037977D0FF513C4F584031EB9D47ACAEF3EE5A5CB28
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                • String ID: MOC$RCC
                                                                                                                                                                                                                                • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                • Opcode ID: b915d9317e93b4a578d272aa80a630b017422358f6ab493f0d79254b27da14c1
                                                                                                                                                                                                                                • Instruction ID: a9a77a9b453d8a5502f18ddc12444421bc0db40da9cca548e5723c79b417445b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b915d9317e93b4a578d272aa80a630b017422358f6ab493f0d79254b27da14c1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1F618033A08B468AE710DF65E4803ADB7A0F784B89F444226EF5D17B94DF38E146CB11
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: BIO[%p]: $bio callback - unknown type (%d)
                                                                                                                                                                                                                                • API String ID: 0-3830480438
                                                                                                                                                                                                                                • Opcode ID: 2b7efa2d7f133983195eaa96ed7ade69ce15e9783328cbf5c8911cc1fb04b7fd
                                                                                                                                                                                                                                • Instruction ID: b7027c8ac435577f48d21978d4f1b29902820726d113c5adfa33945e0a7eab1b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2b7efa2d7f133983195eaa96ed7ade69ce15e9783328cbf5c8911cc1fb04b7fd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AC31E162B0AA81A6FB118B65E8807B97690FB897C4F404031EE4E87795EF3CD486CB14
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: ..\s\crypto\bio\b_sock.c$J$host=
                                                                                                                                                                                                                                • API String ID: 0-1729655730
                                                                                                                                                                                                                                • Opcode ID: f7b754c11304da003edd5ed262f6ae4f6132df29b36aa80617260aab0202085c
                                                                                                                                                                                                                                • Instruction ID: 88c5052f07dfce688d45f2069752652ce35d4fb13d166276cf97a32e4a1e4455
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f7b754c11304da003edd5ed262f6ae4f6132df29b36aa80617260aab0202085c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7D31CF72B0964196EB10DB56F44126EB3A0FB857C0F500035EB8C87BAAEF7DE591CB18
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: R_put_error
                                                                                                                                                                                                                                • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLastacceptclosesocket
                                                                                                                                                                                                                                • String ID: ..\s\crypto\bio\b_sock2.c
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: L_sk_pop_free$E_freeL_sk_newL_sk_pushX509_
                                                                                                                                                                                                                                • String ID: ..\s\ssl\statem\statem_lib.c
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_free_allO_int_ctrlO_newO_nextO_popO_pushO_s_socketO_up_refR_put_error
                                                                                                                                                                                                                                • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722885346.00007FF8A8A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A8A00000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8a00000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DoubleErr_Float_FromNumericStringUnicode_
                                                                                                                                                                                                                                • String ID: not a numeric character
                                                                                                                                                                                                                                • API String ID: 727557307-2058156748
                                                                                                                                                                                                                                • Opcode ID: 90b7b1040abb4b97ffc32021ebaf555ce9bddc1eccaedf9bf0701c92034c5d27
                                                                                                                                                                                                                                • Instruction ID: d2d97991fa8e97c22a1fd6c106cbd57de0c906493e005e09d943ee4947478917
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 90b7b1040abb4b97ffc32021ebaf555ce9bddc1eccaedf9bf0701c92034c5d27
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5F11E921D0FE46B5FB1487A1D45213813B0EF487E4F548430C54E632A0FF2CF885C22A
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722885346.00007FF8A8A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A8A00000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8a00000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DecimalDigitErr_FromLongLong_StringUnicode_
                                                                                                                                                                                                                                • String ID: not a decimal
                                                                                                                                                                                                                                • API String ID: 2585962759-3590249192
                                                                                                                                                                                                                                • Opcode ID: 042ddd67f878e7f9465f185b59bd50f2d649d6a68f76da27a05ce4f0d5cb4412
                                                                                                                                                                                                                                • Instruction ID: daac5c059413606b0c0fb330735894ba0e47a505a98bc5f946681554a72d3a4c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 042ddd67f878e7f9465f185b59bd50f2d649d6a68f76da27a05ce4f0d5cb4412
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 36015221E0FA42A1EF048B25D49523826B1FF95BCDF588030CA0E86291FF2CF845C329
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,00007FF7E71D3679), ref: 00007FF7E71D3BB1
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D2620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7E71D76B4,?,?,?,?,?,?,?,?,?,?,?,00007FF7E71D101D), ref: 00007FF7E71D2654
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71D2620: MessageBoxW.USER32 ref: 00007FF7E71D272C
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFileLastMessageModuleName
                                                                                                                                                                                                                                • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                                                                • API String ID: 2581892565-1977442011
                                                                                                                                                                                                                                • Opcode ID: ecd9224541c82b8805659ffed1dacaf8541a9c5a4d14f69c88a104199cf53391
                                                                                                                                                                                                                                • Instruction ID: 523180b79b99d85201dc5fe24b8380c5988acbd7e05506e52c36f2574e962741
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ecd9224541c82b8805659ffed1dacaf8541a9c5a4d14f69c88a104199cf53391
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 16018D21B1C74281FA54F714F4863B59355AFD87C5FC41033DA6E86252DE7DE2078B22
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A811D000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcmp
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1475443563-0
                                                                                                                                                                                                                                • Opcode ID: 6eede35ed34df6884cfaebe39a9868ddde1e4d6f7a31935b052b1a33c3694b1b
                                                                                                                                                                                                                                • Instruction ID: 1c8b9938465525ec7324c3c59dbce05b8e6ecf9a338856e55add21d8c888219b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6eede35ed34df6884cfaebe39a9868ddde1e4d6f7a31935b052b1a33c3694b1b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1481B421F0A653A9FF209A62D9501BDA3A2FF54BC8F505032DE4D5BA8DEF38E445C324
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                                                                • String ID: ..\s\crypto\sm2\sm2_crypt.c$@
                                                                                                                                                                                                                                • API String ID: 2221118986-485510600
                                                                                                                                                                                                                                • Opcode ID: 46ba152a4ee3f2e4d8dbeda11da41e2cccc771da06ded5d3876a2d78f4a9ce4d
                                                                                                                                                                                                                                • Instruction ID: d0d3075b0385d68cf9af8e49bada5d2d16d886e391a28b3f11638135a5297beb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 46ba152a4ee3f2e4d8dbeda11da41e2cccc771da06ded5d3876a2d78f4a9ce4d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9CF1B132A0AB82A6EB20DF15E4006BAB7A0FB85BC4F404135EE8D07799DF7CE555C718
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2718003287-0
                                                                                                                                                                                                                                • Opcode ID: 3b6644ee017022d719a3afab9fc978a5fba374dbb9fb0623c46dfb0064678277
                                                                                                                                                                                                                                • Instruction ID: 88e532a4fdf59903b4ca8d8e429bf82b801224b392058e119db59032fe288263
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3b6644ee017022d719a3afab9fc978a5fba374dbb9fb0623c46dfb0064678277
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2CD10632B18B418AE721DF65E4806AC77B1FB84798B844137DE6E97B99DE38E017C311
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: )$..\s\crypto\evp\p5_crpt.c
                                                                                                                                                                                                                                • API String ID: 0-3563398421
                                                                                                                                                                                                                                • Opcode ID: b935aa7f4b79a91aef52fcef466cdce5ad720e332aed8398555c8c4331f7a9a1
                                                                                                                                                                                                                                • Instruction ID: 073e67ffe5a0b3ed63e9bb47346ea18b407357c8af09d8d8c85508cd9d2d8752
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b935aa7f4b79a91aef52fcef466cdce5ad720e332aed8398555c8c4331f7a9a1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BA91A66260E647AAFA60DB21D4016BA73A0FF857C0F444031ED4D47ADADF3DE991CB28
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF7E71EC34B), ref: 00007FF7E71EC47C
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF7E71EC34B), ref: 00007FF7E71EC507
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 953036326-0
                                                                                                                                                                                                                                • Opcode ID: d1123a7759acd2de89f70fbc91131bac1b02d2ce66ed859b546e10adeb5b6b1d
                                                                                                                                                                                                                                • Instruction ID: 68c114b65b4ee6bc7ccd891c4980870f6b2a71a687c7335b76591960bca0899a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d1123a7759acd2de89f70fbc91131bac1b02d2ce66ed859b546e10adeb5b6b1d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2091B672B1875146F750AF25E84037DABA0FF84B88F945137DE2E92784DE38E4438722
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722885346.00007FF8A8A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A8A00000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8a00000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: strncmp
                                                                                                                                                                                                                                • String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
                                                                                                                                                                                                                                • API String ID: 1114863663-87138338
                                                                                                                                                                                                                                • Opcode ID: 14f9320c906fb511941c899fd50664b3a183386e9497cb69d43e80ccf855167b
                                                                                                                                                                                                                                • Instruction ID: a1dce32aed0291867d062ffc8922206c900f14ccfc2556efcad04eee5c9c7b6c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 14f9320c906fb511941c899fd50664b3a183386e9497cb69d43e80ccf855167b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AA712132B0B64266E762CB25A8016BA72B1FF94BC5F540231EA5E476C5FF3CF8058719
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A811D000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: strncmp
                                                                                                                                                                                                                                • String ID: content-type
                                                                                                                                                                                                                                • API String ID: 1114863663-3266185539
                                                                                                                                                                                                                                • Opcode ID: 4ea6b44201048aa57569960e6cbecb330c5f63587b6b0d17f4634f1b4d239308
                                                                                                                                                                                                                                • Instruction ID: f7104ad56192c070683d01f14698dcb15689ccf79097a7414e52864399e9b781
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4ea6b44201048aa57569960e6cbecb330c5f63587b6b0d17f4634f1b4d239308
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E2510661B0EA4266FAA28725B55037A6290FF41BE8F042230DE5E477C5DF3CD242C72C
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memmove
                                                                                                                                                                                                                                • String ID: ..\s\crypto\ct\ct_oct.c
                                                                                                                                                                                                                                • API String ID: 2162964266-1972679481
                                                                                                                                                                                                                                • Opcode ID: e74995c80c70969753bc7f82451ce2d68cce3f788a97597acd1f67b5f1883d60
                                                                                                                                                                                                                                • Instruction ID: a05f15cb632bc547032e4130267f2a4557d8e1c442cb0f2f2e8ed08c2b248be2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e74995c80c70969753bc7f82451ce2d68cce3f788a97597acd1f67b5f1883d60
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3A719362A0E691AAE726DF25801157C3BB1FB55BC4F044176DE4C4738AEF3CE694CB28
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: strchr
                                                                                                                                                                                                                                • String ID: +-.$..\s\crypto\store\store_register.c$scheme=
                                                                                                                                                                                                                                • API String ID: 2830005266-2643984209
                                                                                                                                                                                                                                • Opcode ID: c4ad2adc88f7af0c1d80e554f3a7ebc0ff2efccd77e362ce6c836e8764d26730
                                                                                                                                                                                                                                • Instruction ID: 32019ce80313a297fff7d1104bbd3d2c2d00a306281d542e18140eeb795f2348
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c4ad2adc88f7af0c1d80e554f3a7ebc0ff2efccd77e362ce6c836e8764d26730
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FE517E21A0BA53A6FF609B12D4542B973A1EF40BC4F880035DA4C97699DF3CE9958728
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                                                                • String ID: ..\s\crypto\buffer\buffer.c$c
                                                                                                                                                                                                                                • API String ID: 2221118986-1501028754
                                                                                                                                                                                                                                • Opcode ID: 5b87d586cf4dc39aea692cc76c673ced3dbe4c204831252cf59d6b6975b04c65
                                                                                                                                                                                                                                • Instruction ID: b1838f5d576ae15cd93ea033d396914824ff90d55dd0925cff299855ecc079a5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5b87d586cf4dc39aea692cc76c673ced3dbe4c204831252cf59d6b6975b04c65
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4E31D232B0A68196EB11CB15F4402B963A0FB48BC8F444535DF4D47B99DF3CE5A6CB18
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A811D000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: strncmp
                                                                                                                                                                                                                                • String ID: ASN1:$DER:
                                                                                                                                                                                                                                • API String ID: 1114863663-1445514312
                                                                                                                                                                                                                                • Opcode ID: 5e28ab8016f658f7ac30c45286e0504713d1acc923e26fef341e740adc3428fd
                                                                                                                                                                                                                                • Instruction ID: 5db61052bcc175a088736218d06d03ad561e5e4f870472fe67dfd65ab3ab87cd
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5e28ab8016f658f7ac30c45286e0504713d1acc923e26fef341e740adc3428fd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C3212861B0DA81A5FB508B21A94037AB7A0FF84BD4F481530DA9E437C8DF3EE610C714
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Calc_D_priv_bytesL_cleanseN_bin2bn
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4178199679-0
                                                                                                                                                                                                                                • Opcode ID: 13717ff360d6b02c216483c690ed7dd06748524545c45099944b83d41051d5ff
                                                                                                                                                                                                                                • Instruction ID: 89f70d5bd4f13b606aa35dba29e600d4d81b1c764fc569fc5eb49e70ecb37dd5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 13717ff360d6b02c216483c690ed7dd06748524545c45099944b83d41051d5ff
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 68212122A1EEC195FB919F15E4503A962F0FF48BC8F486036DA4C8A799DF7CE5418B80
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722762091.00007FF8A839B000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722788037.00007FF8A839D000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722788037.00007FF8A83B9000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000002.00000002.4722788037.00007FF8A83BD000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: strcmp
                                                                                                                                                                                                                                • String ID: ..\s\crypto\pem\pem_pkey.c$DH PARAMETERS$X9.42 DH PARAMETERS
                                                                                                                                                                                                                                • API String ID: 1004003707-3633731555
                                                                                                                                                                                                                                • Opcode ID: 839ae0263380899899197dd2457bd8dbfe3de3b111a238dbcc90d4e2215c9260
                                                                                                                                                                                                                                • Instruction ID: 7935ce92f6ab1497f9e2c2a07b4f69e2646485d6ffcb58038318fe578c42ef22
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 839ae0263380899899197dd2457bd8dbfe3de3b111a238dbcc90d4e2215c9260
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 89217421A0EF46A2EB20DB55E4101B9B3A0FF947D0F444036EA8C47799EF7CD595CB28
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1956198572-0
                                                                                                                                                                                                                                • Opcode ID: 162ef6909b0da24e61350fefbcaa0130b5f771c4d53ef42d88aea1c24daf7f6c
                                                                                                                                                                                                                                • Instruction ID: 7ae150d53b8b86cb67fa86c5e81452d3956d568a63a99bc336b13b90577f37e1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 162ef6909b0da24e61350fefbcaa0130b5f771c4d53ef42d88aea1c24daf7f6c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8C110021E1834241F654A759F5843FA9292EFC9BC1FC94032EB6907B8DCE3CD4D75612
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_find_typeO_get_data
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 280995463-0
                                                                                                                                                                                                                                • Opcode ID: 55bb9ab577713c48f03e10ed0a358675e4ccdc34a6c9781f0ae84dd772a97ccb
                                                                                                                                                                                                                                • Instruction ID: 56bd16208148288e022ca2ac1dbf86d4ecb703ba99ad352bae810ded1ed0aba9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 55bb9ab577713c48f03e10ed0a358675e4ccdc34a6c9781f0ae84dd772a97ccb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EA019211F0FAC2A1FA449E57A05427A6290DF88FC4F489030ED6D8BB8EDE9CE8518704
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memmovememset
                                                                                                                                                                                                                                • String ID: $$..\s\crypto\rsa\rsa_none.c
                                                                                                                                                                                                                                • API String ID: 1288253900-779172340
                                                                                                                                                                                                                                • Opcode ID: fff434aa3adaa680fae11fcc69398c2d27884fa0413e783327ef66dbb4cd5250
                                                                                                                                                                                                                                • Instruction ID: f500aba9d8b56623ecd5977b6cc1affd92567eb100fe86741bdfb647fecbd30f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fff434aa3adaa680fae11fcc69398c2d27884fa0413e783327ef66dbb4cd5250
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C01D831B0A64256E620DF16A9441B9B761FF857D0F148130FB4C47B9DDF3CD5518B14
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • memcpy.VCRUNTIME140 ref: 00007FF8A9341A57
                                                                                                                                                                                                                                  • Part of subcall function 00007FF8A92F1032: EVP_CIPHER_CTX_cipher.LIBCRYPTO-1_1 ref: 00007FF8A93406F6
                                                                                                                                                                                                                                  • Part of subcall function 00007FF8A92F1032: EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 00007FF8A93406FE
                                                                                                                                                                                                                                  • Part of subcall function 00007FF8A92F1032: EVP_MD_CTX_md.LIBCRYPTO-1_1 ref: 00007FF8A9340710
                                                                                                                                                                                                                                  • Part of subcall function 00007FF8A92F1032: EVP_MD_size.LIBCRYPTO-1_1 ref: 00007FF8A9340718
                                                                                                                                                                                                                                  • Part of subcall function 00007FF8A92F1032: EVP_CIPHER_CTX_cipher.LIBCRYPTO-1_1 ref: 00007FF8A9340731
                                                                                                                                                                                                                                  • Part of subcall function 00007FF8A92F1032: EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 00007FF8A9340739
                                                                                                                                                                                                                                  • Part of subcall function 00007FF8A92F1032: EVP_CIPHER_CTX_block_size.LIBCRYPTO-1_1 ref: 00007FF8A934074F
                                                                                                                                                                                                                                  • Part of subcall function 00007FF8A92F1032: BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FF8A93407C3
                                                                                                                                                                                                                                • BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FF8A9341B87
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_ctrlR_flagsX_cipher$D_sizeX_block_sizeX_mdmemcpy
                                                                                                                                                                                                                                • String ID: ..\s\ssl\statem\statem_dtls.c
                                                                                                                                                                                                                                • API String ID: 1483294773-3140652063
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: ?
                                                                                                                                                                                                                                • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: getaddrinfo
                                                                                                                                                                                                                                • String ID: ..\s\crypto\bio\b_addr.c
                                                                                                                                                                                                                                • API String ID: 300660673-2547254400
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E71E7DCE
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71E9D48: HeapFree.KERNEL32(?,?,?,00007FF7E71F1D72,?,?,?,00007FF7E71F1DAF,?,?,00000000,00007FF7E71F2275,?,?,?,00007FF7E71F21A7), ref: 00007FF7E71E9D5E
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7E71E9D48: GetLastError.KERNEL32(?,?,?,00007FF7E71F1D72,?,?,?,00007FF7E71F1DAF,?,?,00000000,00007FF7E71F2275,?,?,?,00007FF7E71F21A7), ref: 00007FF7E71E9D68
                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7E71DADA5), ref: 00007FF7E71E7DEC
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: C:\Users\user\Desktop\wsx.exe
                                                                                                                                                                                                                                • API String ID: 3580290477-2252155340
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                • String ID: U
                                                                                                                                                                                                                                • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                • Opcode ID: 25d3c82af5dee18dec41a6839be42a4efbc899a14913ea0c1072e724c64aea02
                                                                                                                                                                                                                                • Instruction ID: 64e6eb64b230df994e44bf9ac783c5bdef570d073f992b6904f266874684ede3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 25d3c82af5dee18dec41a6839be42a4efbc899a14913ea0c1072e724c64aea02
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6D41B432718B4186DB20EF25F8443AAA761FB88794F944032EE5D87798DF3CE442C751
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentDirectory
                                                                                                                                                                                                                                • String ID: :
                                                                                                                                                                                                                                • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                • Opcode ID: 4e53f776409002b20d4ddb835971d11a9637ed93fbd7b6ab35eb1d8227726c82
                                                                                                                                                                                                                                • Instruction ID: 0e7b3ad9aa68a1b4ae70c4cad15029da38746bf6741badb2a76affc70e5b4bf7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4e53f776409002b20d4ddb835971d11a9637ed93fbd7b6ab35eb1d8227726c82
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 85218472A0874282FB24EB25E44836DA3B1FBC4B44F854036D65D87284DF7CE946C762
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                                                • String ID: ..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                                                                • API String ID: 3946675294-348624464
                                                                                                                                                                                                                                • Opcode ID: f72d8c808f0ddc2858006bf43311b3eaee8c549827a86fdfb0cacc211c15fd48
                                                                                                                                                                                                                                • Instruction ID: 89df4cb4d60420e11a1ba00ccee298e11ee19d0dff79a22c38c0f12ddc3b3674
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f72d8c808f0ddc2858006bf43311b3eaee8c549827a86fdfb0cacc211c15fd48
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3E21B232B0EA8296FB50DF11D4947B827A1EBC9784F925131DA4DC778ACE7CD581C702
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLastgetsockname
                                                                                                                                                                                                                                • String ID: ..\s\crypto\bio\b_sock.c
                                                                                                                                                                                                                                • API String ID: 566540725-540685895
                                                                                                                                                                                                                                • Opcode ID: 230d538b329935829540f5cac83dfc4c1f0c1c81990223f20d16048a10e733e9
                                                                                                                                                                                                                                • Instruction ID: 60774b67ade681fa30e143dd99301bfbb1ce5e297dda89a579adbf02e958acf8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 230d538b329935829540f5cac83dfc4c1f0c1c81990223f20d16048a10e733e9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A521B0B1A19507A6EB20DF20D8056ED73A0EF80394F504531E68C866E4DF7CE6D5CF68
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                • String ID: Error detected
                                                                                                                                                                                                                                • API String ID: 1878133881-3513342764
                                                                                                                                                                                                                                • Opcode ID: 06108ee8a0dfea952a12a3b0306062f889501f0bb9d520917d4d6b2389df326d
                                                                                                                                                                                                                                • Instruction ID: 094f0d00a12819bf5f8a6c9c30803a48a007b073309cc76c9c2b49e011c6878f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 06108ee8a0dfea952a12a3b0306062f889501f0bb9d520917d4d6b2389df326d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DA21517262878291EA24E710F4917EAA365FFC4788FC04136EB9D47699DF3CD206CB61
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                • String ID: Fatal error detected
                                                                                                                                                                                                                                • API String ID: 1878133881-4025702859
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: -
                                                                                                                                                                                                                                • API String ID: 0-2547889144
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DigestO_writeUpdate
                                                                                                                                                                                                                                • String ID: ..\s\ssl\s3_enc.c
                                                                                                                                                                                                                                • API String ID: 1267058251-1839494539
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                • String ID: csm
                                                                                                                                                                                                                                • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: X_copy_ex
                                                                                                                                                                                                                                • String ID: ..\s\ssl\statem\statem_lib.c$s
                                                                                                                                                                                                                                • API String ID: 774438373-646802909
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722010126.00007FF7E71D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E71D0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff7e71d0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: :
                                                                                                                                                                                                                                • API String ID: 2595371189-336475711
                                                                                                                                                                                                                                • Opcode ID: 4110ab54a1292af6c610fc14bebcfde478b3b42ba13f09fd81a5f0b3dffa68e3
                                                                                                                                                                                                                                • Instruction ID: 407fd904f0be0d672ba40c8579cc8de132fd051b5582f0ab71f645abf26379fc
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4110ab54a1292af6c610fc14bebcfde478b3b42ba13f09fd81a5f0b3dffa68e3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 24015E6191C30387FB20BB60F45137EA3A0EF84744FC40137D66DC2691DE3CE54A8A26
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _time64
                                                                                                                                                                                                                                • String ID: !$..\s\crypto\ct\ct_policy.c
                                                                                                                                                                                                                                • API String ID: 1670930206-3401457818
                                                                                                                                                                                                                                • Opcode ID: 10e2f6a2a299e7da60c3821852911bb3cc71192dbbe3a4b80bb4ef720c4b3404
                                                                                                                                                                                                                                • Instruction ID: 4e32f21ffa8a82e2323a73c7daaa43f07c1e236c3cf2ce1f2abed87d835eafb7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 10e2f6a2a299e7da60c3821852911bb3cc71192dbbe3a4b80bb4ef720c4b3404
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4BF0CD31A17A02AAEB118B20D4163BC7390FF90384F440034DA0D023D1EF3CE6A6CB68
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722885346.00007FF8A8A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A8A00000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8a00000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: String$Err_FromUnicode_
                                                                                                                                                                                                                                • String ID: no such name
                                                                                                                                                                                                                                • API String ID: 3678473424-4211486178
                                                                                                                                                                                                                                • Opcode ID: e523bd7dcbf9f9ea1903de6f7f8a11bf4a8d7d1066bd22e94e8c20c760f4f1c9
                                                                                                                                                                                                                                • Instruction ID: 5cfab3effe140b18863e0d046874dfe43487cc630471d3882ffa3accbc38bc27
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e523bd7dcbf9f9ea1903de6f7f8a11bf4a8d7d1066bd22e94e8c20c760f4f1c9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DB014B31A1BE42A1FA218B21E8223B52370EF9CB89F501031CE4E56251FF2CF0458626
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                                                • String ID: '
                                                                                                                                                                                                                                • API String ID: 3946675294-1997036262
                                                                                                                                                                                                                                • Opcode ID: b3c6ea87836551e68182ae0c3ee2d858efeb1840fb1257a68ec061d57f9d5784
                                                                                                                                                                                                                                • Instruction ID: 3b9c92e568a1a6f92cbd8b3885d9ff45ea4eb6a5d4d3b6dc90352d7cb80a71cc
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b3c6ea87836551e68182ae0c3ee2d858efeb1840fb1257a68ec061d57f9d5784
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 81F06262B0D68196EB409F26E04437D23A1EB89BD8F585038CA4C8B7CADEBCC4858700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4723733276.00007FF8A92F1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8A92F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a92f0000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                                                • String ID: &
                                                                                                                                                                                                                                • API String ID: 3946675294-1010288
                                                                                                                                                                                                                                • Opcode ID: 2cbf94f39a3d20bcb47c59b9fa8e42cb6a5de0a8db5b2cef822bba8d52f711fc
                                                                                                                                                                                                                                • Instruction ID: 39529441940d4fa674d51c882ca906db2b6c572b7f2c04a358a3db6146fe0ec2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2cbf94f39a3d20bcb47c59b9fa8e42cb6a5de0a8db5b2cef822bba8d52f711fc
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0BF09662B0D58186FB40DF16E44437D23A1EB89BD8F585034CA4C8B7CADFBDC4858700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722885346.00007FF8A8A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A8A00000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8a00000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DigitErr_StringUnicode_
                                                                                                                                                                                                                                • String ID: not a digit
                                                                                                                                                                                                                                • API String ID: 1987352478-3016634541
                                                                                                                                                                                                                                • Opcode ID: 97182ee07ba3ede72632394d0b49dffa3f738fe4c3db1f6da409a670c2574500
                                                                                                                                                                                                                                • Instruction ID: c4f47b29f268529d41f853bda3419257c781fb01e76a91bfb91a6796e57f91b1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 97182ee07ba3ede72632394d0b49dffa3f738fe4c3db1f6da409a670c2574500
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 74F0AC61F0BA06A1FB145B66985213512B1FF98FCDF541431CA1E86361FF6CB495832A
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLastioctlsocket
                                                                                                                                                                                                                                • String ID: ..\s\crypto\bio\b_sock.c
                                                                                                                                                                                                                                • API String ID: 1021210092-540685895
                                                                                                                                                                                                                                • Opcode ID: 5740e7aa341a39e2a17b5874affd40281456fb5e085b1d01af788d5d0b0a0384
                                                                                                                                                                                                                                • Instruction ID: f925050eed6b959fbab38f87840d5b9543fa51fe9e18ba1256eb958521ded0ef
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5740e7aa341a39e2a17b5874affd40281456fb5e085b1d01af788d5d0b0a0384
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 11E092A0B1A503A6F7119B60D8057752350EF04385F100530D94EC2291EF7DA164CA28
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.4722207742.00007FF8A8081000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff8a8080000_wsx.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memmove
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2162964266-0
                                                                                                                                                                                                                                • Opcode ID: bd87426aa5976e2e44b02db415de2f1a8c7fc3c09a2b410ca9d7a361decc8cb4
                                                                                                                                                                                                                                • Instruction ID: f28cabbfc2f2557132004b33c79c52af234c026d4fc873e6490eec135bf4fee7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bd87426aa5976e2e44b02db415de2f1a8c7fc3c09a2b410ca9d7a361decc8cb4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 58110876605641A2E710EB2AE1401ED7360FF447D0F448531EB5D47BE6EF28E5A0C714